Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 55 Topic 6 Discussion

CMMC-CCP Exam Topic 6 Question 55 Discussion:

Question #: 55

Topic #: 6

Which domain has a practice requiring an organization to restrict, disable, or prevent the use of nonessential programs?

Access Control (AC)

Media Protection (MP)

Asset Management (AM)

Configuration Management (CM)

Get Premium CMMC-CCP Questions

Explanation

Understanding the Role of Configuration Management (CM) in CMMC 2.0

TheConfiguration Management (CM) domainin CMMC 2.0 ensures that systems aresecurely configured and maintainedto prevent unauthorized or unnecessary changes that could introduce vulnerabilities. One key requirement in CM is torestrict, disable, or prevent the use of nonessential programsto reduce security risks.

Relevant CMMC 2.0 Practice:

CM.L2-3.4.1 – Establish and enforce security configuration settings for information technology products employed in organizational systems.

This practicerequires organizations to control system configurations, including the removal or restriction ofnonessential programs, functions, ports, and servicestoreduce attack surfaces.

The goal is tominimize exposure to cyber threatsby ensuring only necessary and approved software is running on the system.

Why is the Correct Answer CM (D)?

A. Access Control (AC) → Incorrect

Access Control (AC) focuses onmanaging user permissions and accessto systems and data, not restricting programs.

B. Media Protection (MP) → Incorrect

Media Protection (MP) deals withprotecting and controlling removable media(e.g., USBs, hard drives) rather than software or system configurations.

C. Asset Management (AM) → Incorrect

Asset Management (AM) is aboutidentifying and tracking IT assets, not configuring or restricting software.

D. Configuration Management (CM) → Correct

CM explicitly coverssecuring system configurationsbyrestricting nonessential programs, ports, services, and functions, making it the correct answer.

CMMC 2.0 References Supporting this Answer:

CMMC 2.0 Practice CM.L2-3.4.1(Security Configuration Management)

Requires organizations toenforce security configuration settingsandremove unnecessary programsto protect systems.

NIST SP 800-171 Requirement 3.4.1

Supportssecure configuration settingsandrestricting unauthorized applicationsto prevent security risks.

CMMC 2.0 Level 2 Requirement

This practice is aLevel 2 (Advanced) requirement, meaningorganizations handling Controlled Unclassified Information (CUI)must comply with it.

Actual exam question for Cyber AB CMMC-CCP exam by Onyx85597 at May 9, 2026, 12:33:05 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 55 Topic 6 Discussion

Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 55 Topic 6 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 55 Topic 6 Discussion

Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 55 Topic 6 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval