Last Updated On : 20-May-2026
Certified CMMC Professional (CCP) Exam
Total 204 Questions
Which standard and regulation requirements are the CMMC Model 2.0 based on?
A. NIST SP 800-171 and NIST SP 800-172
B. DFARS, FIPS 100, and NIST SP 800-171
C. DFARS, NIST, and Carnegie Mellon University
D. DFARS, FIPS 100, NIST SP 800-171, and Carnegie Mellon University
An assessment is being conducted at a remote client site. For the duration of the assessment, the client has provided a designated hoteling space in their secure facility which consists of a desk with access to a shared printer. After noticing that the desk does not lock, a locked cabinet is requested but the client does not have one available. At the end of the day, the client provides a printout copy of an important network diagram. The diagram is clearly marked and contains CUI. What should be done NEXT to protect the document?
A. Take it with them to review in the evening.
B. Leave it on the desk for review the following day.
C. Put it in the unlocked desk drawer for review the following morning.
D. Take a picture with the personal phone before securely shredding it.
An assessor is collecting affirmations. So far, the assessor has collected interviews, demonstrations, emails, messaging, and presentations. Are these appropriate approaches to collecting affirmations?
A. No, emails are not appropriate affirmations.
B. No, messaging is not an appropriate affirmation.
C. Yes, the affirmations collected by the assessor are all appropriate.
D. Yes, the affirmations collected by the assessor are all appropriate, as are screenshots.
In preparation for a CMMC Level 1 Self-Assessment, the IT manager for a DIB organization is documenting asset types in the company's SSP The manager determines that identified machine controllers and assembly machines should be documented as Specialized Assets. Which type of Specialized Assets has the manager identified and documented?
A. loT
B. Restricted IS
C. Test equipment
D. Operational technology
During the planning phase of a CMMC Level 2 Assessment, the Lead Assessor is considering what would constitute the right evidence for each practice. What is the Assessor attempting to verify?
A. Adequacy
B. Sufficiency
C. Process mapping
D. Assessment scope
According to the Configuration Management (CM) domain, which principle is the basis for defining essential system capabilities?
A. Least privilege
B. Essential concern
C. Least functionality
D. Separation of duties
In scoping a CMMC Level 1 Self-Assessment, it is determined that an ESP employee has access to FCI. What is the ESP employee considered?
A. In scope
B. Out of scope
C. OSC point of contact
D. Assessment Team Member
Contractor scoping requirements for a CMMC Level 2 Assessment to document the asset in an inventory, in the SSP and on the network diagram apply to:
A. GUI Assets.
B. CUI and Security Protection Asset categories.
C. all asset categories except for the Out-of-scope Assets.
D. Contractor Risk Managed Assets and Specialized Assets.
Which term describes the process of granting or denying specific requests to obtain and use information, related information processing services, and enter specific physical facilities?
A. Access control
B. Physical access control
C. Mandatory access control
D. Discretionary access control
A contractor provides services and data to the DoD. The transactions that occur to handle FCI take place over the contractor's business network, but the work is performed on contractor-owned systems, which must be configured based on government requirements and are used to support a contract. What type of Specialized Asset are these systems?
A. loT
B. Restricted IS
C. Test equipment
D. Government property
| Page 4 out of 21 Pages |
| 1234567891011 |
| CMMC-CCP Practice Test Home |
Choosing the right preparation material is critical for passing the Certified CMMC Professional (CCP) Exam exam. Here’s how our CMMC-CCP practice test is designed to bridge the gap between knowledge and a passing score.