Applicable Requirement (CMMC Assessment Process): The CMMC Assessment Process (CAP) requires assessors to collect, analyze, and reconcile evidence using triangulation (examine, interview, test) to confirm whether requirements are MET or NOT MET. When inconsistencies arise, the assessor must go back to objective evidence such as diagrams, contracts, and notes.
Why Reviewing Network Diagrams Helps (supports A): Network diagrams provide authoritative evidence of scope, data flows, and system boundaries, which helps clarify whether the MSSP’s services were accurately described.
Why Reviewing MSSP Agreements Helps (supports B): Agreements (such as interconnection security agreements or service-level agreements) define shared responsibilities and confirm how the MSSP supports security controls. This evidence is critical to resolving inconsistent testimony.
Why Reviewing Notes Helps (supports C): Notes from previous interviews allow the team to pinpoint where answers diverged. This is a valid method of evidence review and aligns with CAP guidance on documenting interviews.
Why Interview Questionnaire Consistency is NOT the Correct Step (refutes D): The CAP emphasizes resolving inconsistencies through additional evidence, not by adjusting or re-checking the questionnaire itself. The consistency of the questionnaire is irrelevant — what matters is reconciling the evidence provided by both the OSC and MSSP. Thus, this is the action the Lead Assessor would NOT take.
Assessment Guidance Extract (CAP):
“When conflicting evidence is observed, the assessment team must review technical documentation, agreements, and notes to identify the root cause and determine whether additional clarification is required.”
“The interview instrument itself is not a tool for reconciling inconsistencies; rather, objective evidence must be used.”
CMMC Assessment Process (CAP) v1.0 — Section 3: Conducting the Assessment (Interview, Evidence, Triangulation, and Conflict Resolution)
CMMC Assessment Guide – Level 2, Version 2.13 — Guidance on the role of External Service Providers (MSSPs) and use of documented agreements as evidence
NIST SP 800-171A — General assessment methodology: reconcile evidence using examine, interview, and test methods