Cyber AB CCPFree Certified CMMC Professional practice test

Correct answer: C. Registered Practitioners

Registered Practitioners (RPs) are consultants employed by or working through Registered Practitioner Organizations (RPOs). Their role is to help OSCs design and implement practices and produce process documentation that aligns with CMMC requirements.

Correct answer: B. Certified CMMC Professional

Certified CMMC Professionals (CCPs) are authorized to participate as assessment team members under the supervision of a Certified CMMC Assessor on CMMC Level 2 Assessments, making them the experienced support role authorized to assist an assessor.

Correct answer: C. Levying fines against an Organization Seeking Certification for non-compliance, errors, or omissions.

C3PAOs are responsible for hiring and training assessors, contracting with OSCs, and managing certification assessments. However, they are not enforcement bodies and have no authority to impose fines or penalties. Enforcement falls outside C3PAO scope and is handled through other mechanisms in the CMMC ecosystem.

Correct answer: D. The firm must obtain and maintain ISO/IEC 17020 accreditation.

ISO/IEC 17020 is the international standard for bodies performing inspection activities. Because C3PAOs act as independent assessment bodies evaluating organizations against CMMC requirements, this standard is required by the Cyber AB to confirm that the C3PAO operates with impartiality, consistency, and technical competence. DFARS compliance, FISMA moderate, and CMMC Level 2 certification each serve different purposes and do not substitute for ISO/IEC 17020 as the accreditation prerequisite.

Correct answer: C. April 10, 2024

C3PAOs are given a 30-day grace period to maintain association with at least one Certified CMMC Professional (CCP), Provisional Assessor (PA), or Certified CMMC Assessor (CCA). Thirty days after March 10, 2024 is April 9, 2024 — however the standard rule counts from the day after the event, making the deadline April 10, 2024 (the 30th day inclusive from March 11). The correct answer mirrors the source rule of a 30-day window from the dissociation date.

Correct answer: D. Lakshmi, a Software Engineer

Lakshmi's software engineering background gives her relevant technical expertise in areas such as access control, system configuration, and secure development — all of which align closely with CMMC Level 3 requirements. The other candidates work in non-technical functions with limited direct applicability to cybersecurity compliance.

Correct answer: A. Cyber AB Marketplace

Once a CCP has completed all required steps — including signing the Code of Professional Conduct — their certification becomes active and they are listed in the CMMC Marketplace managed by the Cyber AB, which is the official platform for promoting CCP qualifications.

Correct answer: A. The Office of the Undersecretary of Defense (OUSD)

The Office of the Undersecretary of Defense (OUSD) oversees the security of the Defense Industrial Base. They developed the CMMC framework to improve DIB security and establish a unified cybersecurity standard for DoD acquisitions.

Correct answer: D. Apex should determine the appropriate CMMC level based on the information it will handle under the contract. The C3PAO will request the System Security Plan (SSP).

The first step for Apex is identifying the appropriate CMMC level based on the information types it will process. This is followed by a gap analysis, remediation planning, documentation of policies and procedures, and development of an SSP and POA&M. When a C3PAO begins an engagement, the primary document requested is the SSP. An IRP or CMP would be requested later in the process, not at the start.

Correct answer: B. Annually

A CCP must renew their certification every year, which currently costs $250. If the CCP subsequently earns the Certified CMMC Assessor (CCA) credential, only the CCA certification needs to be renewed annually at a fee of $500.