Understanding the "Examine" Assessment Method in CMMC 2.0
CMMC 2.0 uses three assessment methods to evaluate security compliance:
Examine – Reviewing, inspecting, observing, studying, or analyzing assessment objects (e.g., policies, system documentation).
Interview – Speaking with personnel to verify knowledge and responsibilities.
Test – Performing technical validation to check system configurations.
The CMMC Assessment Process (CAP) defines Examine as the method used to review or analyze assessment objects, such as policies, procedures, configurations, and logs.
Relevant CMMC 2.0 Reference:
A. Test → Incorrect
"Test" involves executing a function to validate its security (e.g., verifying access controls through a live system test).
B. Assess → Incorrect
"Assess" is a broad term; CMMC explicitly defines "Examine" as the method for reviewing documentation.
C. Examine → Correct
"Examine" is the official term for reviewing policies, procedures, configurations, or logs.
D. Interview → Incorrect
"Interview" involves verbal discussions with personnel, not document analysis.
Why is the Correct Answer "Examine" (C)?
CMMC Assessment Process (CAP) Document
Defines "Examine" as analyzing assessment objects (e.g., policies, procedures, logs, documentation).
NIST SP 800-171A
Specifies "Examine" as a method to review security controls and configurations.
CMMC 2.0 References Supporting this Answer: