Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.
Actual exam question for Cyber AB's CMMC-CCA exam Question #: 103 Topic #: 1
During an assessment, the team is interviewing the IT staff to understand the ways in which the organization protects backup data. Because the company's backups contain CUI, the Lead Assessor asks the IT engineer which method is used to ensure that the confidentiality of the backup data is being protected. Which implementation is LEAST LIKELY to be acceptable?
When protecting backup data containing CUI, the requirement is to ensure confidentiality through logical or physical security controls appropriate to the sensitivity of CUI. Acceptable implementations include controlling access to CUI (AC family controls), physically securing media (MP family controls), and encrypting files or media (SC family controls). Merely implementing alternative physical controls for site access is insufficient because site access protections do not directly ensure the confidentiality of the backup media itself. Exact Extracts (from official CMMC Assessor/Study documents and NIST SP 800-171A references): * SC.L2-3.13.16 (Encrypt CUI): "Employ cryptographic mechanisms to prevent unauthorized disclosure of CUI during storage and transmission unless otherwise protected by alternative physical safeguards." * MP.L2-3.8.9 (Protect backup CUI): "Protect the confidentiality of backup CUI at storage locations." * AC.L2-3.1.3 (Access enforcement): "Limit access to CUI on the basis of need-to-know to protect confidentiality." * Physical security references (PE family): "Physical access controls provide general site protection but are not substitutes for encryption or media protection controls when CUI confidentiality is at risk." Why the other options are correct (acceptable methods): * B (Managing who has access to the information): Satisfies Access Control (AC) requirements that limit exposure of CUI only to authorized individuals. * C (Physically securing devices and media): Satisfies Media Protection (MP) requirements, ensuring CUI is stored securely and protected against unauthorized access. * D (Encrypting files or media): Directly satisfies System and Communications Protection (SC) requirements for confidentiality, a highly reliable method. Why option A is least acceptable: * Alternative physical controls for site access protect buildings or rooms, but they do not directly safeguard backup media confidentiality. If backups are removed, lost, or accessed internally, site access controls alone cannot ensure confidentiality. References (official CCA/CMMC documents): * CMMC Assessment Guide - Level 2, Version 2.13: Practices SC.L2-3.13.16, MP.L2-3.8.9, AC.L2- 3.1.3, and PE family discussion (pp. 93-96, 108-110, 125-127). * NIST SP 800-171A, Assessing Security Requirements for CUI: Related assessment objectives for protecting CUI backup confidentiality.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Is the comment made by USERNAME spam or abusive?
Commenting
In order to participate in the comments you need to be logged-in.
You can sign-up / login
(it's free).
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).