Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 40 Topic 5 Discussion

CMMC-CCP Exam Topic 5 Question 40 Discussion:

Question #: 40

Topic #: 5

The evidence needed for each practice and/or process is weight for:

adequacy and sufficiency.

adequacy and thoroughness.

sufficiency and thoroughness.

sufficiency and appropriateness.

Get Premium CMMC-CCP Questions

Explanation

During aCMMC assessment, organizations must provide evidence to demonstrate compliance with requiredpractices and processes. Assessors evaluate this evidence based on two key criteria:

Adequacy– Does the evidence meet the intent of the security requirement?

Sufficiency– Is there enough evidence to reasonably conclude that the practice/process is effectively implemented?

These principles are outlined in theCMMC Assessment Process Guide, which provides a structured approach for evaluating compliance.

Step-by-Step Breakdown:✅1. Adequacy – Does the evidence fully meet the requirement?

Adequacyrefers to whether the evidence properly demonstrates that the security practice has been implemented as required.

Example: If an organization claims to enforceMulti-Factor Authentication (MFA), an assessor would checksystem configurations, login policies, and user authentication logsto confirm that MFA is actually in use.

✅2. Sufficiency – Is there enough evidence to support the claim?

Sufficiencymeans that there isenough supporting evidenceto prove compliance.

Example: If an organization providesonly one screenshot of an MFA login screen, that alone may not besufficient—additional logs, policies, and user records would help strengthen the case.

(B) Adequacy and Thoroughness❌

Thoroughnessis not a defined metric in CMMC evidence evaluation.

The focus is onwhether the evidence meets the requirement (adequacy)and if there isenough of it (sufficiency).

Thoroughnessis not a recognized term in CMMC compliance validation.

Evidence must beadequate and sufficient, not just thorough.

(D) Sufficiency and Appropriateness❌

Appropriatenessis not a CMMC-defined criterion.

Thecorrect terms used in CMMC assessmentsareAdequacy(Does it meet the requirement?) andSufficiency(Is there enough proof?).

Why the Other Answer Choices Are Incorrect:

CMMC Assessment Process Guideexplicitly states that evidence must be evaluated based onadequacyandsufficiencyto confirm compliance with security practices.

Final Validation from CMMC Documentation:

Actual exam question for Cyber AB CMMC-CCP exam by Zephyr45049 at Aug 3, 2025, 11:02:38 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 40 Topic 5 Discussion

Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 40 Topic 5 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 40 Topic 5 Discussion

Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 40 Topic 5 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval