Last Updated On : 20-May-2026
Certified CMMC Professional (CCP) Exam
Total 204 Questions
In scoping a CMMC Level 1 Self-Assessment, all of the computers and digital assets that handle FCI are identified. A file cabinet that contains paper FCI is also identified. What can this file cabinet BEST be determined to be?
A. In scope, because it is an asset that stores FCI
B. In scope, because it is part of the same physical location
C. Out of scope, because they are all only paper documents
D. Out of scope, because it does not process or transmit FCI
The Level 1 practice description in CMMC is Foundational. What is the Level 2 practice description?
A. Expert
B. Advanced
C. Optimizing
D. Continuously Improved
Which code or clause requires that a contractor is meeting the basic safeguarding requirements for FCI during a Level 1 Self-Assessment?
A. FAR 52.204-21 .
B. 22CFR 120-130
C. DFARS 252.204-7011
D. DFARS 252.204-7021
An assessment procedure consists of an assessment objective, potential assessment methods, and assessment objects. Which statement is part of an assessment objective?
A. Specifications and mechanisms
B. Examination, interviews, and testing
C. Determination statement related to the practice
D. Exercising assessment objects under specified conditions
A Lead Assessor is presenting an assessment kickoff and opening briefing. What topic MUST be included?
A. Gathering evidence
B. Review of the OSC's SSP
C. Overview of the assessment process
D. Examination of the artifacts for sufficiency
During a Level 2 Assessment, the OSC has provided an inventory list of all hardware. The list includes servers, workstations, and network devices. Why should this evidence be sufficient for making a scoring determination for AC.L2-3.1.19: Encrypt CUI on mobile devices and mobile computing platforms?
A. The inventory list does not specify mobile devices.
B. The interviewee attested to encrypting all data at rest.
C. The inventory list does not include Bring Your Own Devices.
D. The DoD has accepted an alternative safeguarding measure for mobile devices.
The Advanced Level in CMMC will contain Access Control {AC) practices from:
A. Level 1.
B. Level 3.
C. Levels 1 and 2.
D. Levels 1,2, and 3.
SC.L2-3 13.14: Control and monitor the use of VoIP technologies is marked as NOT APPLICABLE for an OSC's assessment. How does this affect the assessment scope?
A. Any existing telephone system is in scope even if it is not using VoIP technology.
B. An error has been made and the Lead Assessor should be contacted to correct the error.
C. VoIP technology is within scope, and it uses FlPS-validated encryption, so it does not need to be assessed. .
D. VoIP technology is not used within scope boundary, so no assessment procedures are specified for this practice.
How many domains does the CMMC Model consist of?
A. 14 domains
B. 43 domains
C. 72 domains
D. 110 domains
Which statement BEST describes the key references a Lead Assessor should refer to and use the:
A. DoD adequate security checklist for covered defense information.
B. CMMC Model Overview as it provides assessment methods and objects.
C. safeguarding requirements from FAR Clause 52.204-21 for a Level 2 Assessment.
D. published CMMC Assessment Guide practice descriptions for the desired certification level.
| Page 7 out of 21 Pages |
| 23456789101112 |
| CMMC-CCP Practice Test Home |
Choosing the right preparation material is critical for passing the Certified CMMC Professional (CCP) Exam exam. Here’s how our CMMC-CCP practice test is designed to bridge the gap between knowledge and a passing score.