Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 17 Topic 2 Discussion

CMMC-CCP Exam Topic 2 Question 17 Discussion:

Question #: 17

Topic #: 2

A Lead Assessor is planning an assessment and scheduling the test activities. Who MUST perform tests to obtain evidence?

OSC personnel who normally perform that work as the CCP observes

Military personnel and the CCP and/or Lead Assessor to test the adequacy of the written procedure(s)

Military personnel assigned to the contractor for that contract to ensure the confidentiality of the CUI

OSC personnel who do not ordinarily perform that work to evaluate the accuracy of the written procedure(s)

Get Premium CMMC-CCP Questions

Explanation

Understanding Who Must Perform Tests in a CMMC AssessmentDuring aCMMC Level 2 Assessment, assessorsmust observe operational activities and security practicesto verify compliance. This process involves:

✔Testing security controls and proceduresas part of the assessment.

✔Observation of standard work practicesto ensure controls are properly implemented.

✔Using operational personnel (OSC employees) who regularly perform the taskto ensure realistic assessment conditions.

Operational personnel (OSC employees) must conduct the actual work while assessors observe.

Certified CMMC Professionals (CCPs) or Lead Assessorsoversee and document the testing process.

Who Performs Tests?

A. OSC personnel who normally perform that work as the CCP observes → Correct

CMMC assessments require actual users (OSC personnel) to perform their regular duties while assessors observeto verify security practices.

B. Military personnel and the CCP and/or Lead Assessor to test the adequacy of the written procedure(s) → Incorrect

Military personnel are not responsible for testing contractor security controls.

Assessors observe and evaluate but do not perform testing themselves.

C. Military personnel assigned to the contractor for that contract to ensure the confidentiality of the CUI → Incorrect

Military personnel do not perform the testing.

The contractor (OSC) is responsible for implementing and demonstrating security controls.

D. OSC personnel who do not ordinarily perform that work to evaluate the accuracy of the written procedure(s) → Incorrect

Personnel unfamiliar with the job should not be used for testing.

Theassessment must reflect real-world conditions, so theactual employees who perform the work must demonstrate the process.

Why is the Correct Answer "A" (OSC personnel who normally perform that work as the CCP observes)?

CMMC Assessment Process (CAP) Document

Specifies thatassessments must observe real operational activities to determine compliance.

CMMC-AB Assessment Methodology

Requirestesting of security controls in a realistic operational environment, meaning actual OSC personnel must perform the tasks.

NIST SP 800-171A (Assessment Procedures for NIST SP 800-171)

Specifies thatinterviews and observations should be conducted with personnel who regularly perform the work.

Actual exam question for Cyber AB CMMC-CCP exam by Zephyr21419 at Aug 3, 2025, 11:04:25 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 17 Topic 2 Discussion

Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 17 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 17 Topic 2 Discussion

Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 17 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval