CMMC Level 1 Exam | Questions & Answers (100% Score) Latest Updated 2024/2025
Comprehensive Questions A+ Graded Answers | 100% Pass
AC.L1-3.1.1 requires that all employees must have administrative access to all information systems. -
✔✔False. AC.L1-3.1.1 requires limiting information system access to authorized users only, not granting
administrative access to all.
AC.L1-3.1.1 mandates that only authorized users, processes, and devices should have access to
information systems. - ✔✔True
AC.L1-3.1.2 allows users to alter their access permissions whenever needed to ensure workflow
continuity. - ✔✔False. AC.L1-3.1.2 ensures that users can only perform authorized transactions and
functions, which includes not allowing them to alter their own permissions.
AC.L1-3.1.2 requires implementing access controls that restrict access to system functions and data
based on users' roles and responsibilities. - ✔✔True
AC.L1-3.1.20 suggests using unsecured external connections to facilitate easier access for remote users.
- ✔✔False. AC.L1-3.1.20 requires that external connections be approved, monitored, and periodically
reviewed for security.
AC.L1-3.1.20 mandates the use of secure methods, such as VPNs and encrypted connections, for
external access to information systems. - ✔✔True
AC.L1-3.1.22 requires that sensitive information be posted on public websites to ensure transparency. -
✔✔False. AC.L1-3.1.22 requires controlling the dissemination of public information to prevent
unauthorized release of sensitive information.
AC.L1-3.1.22 involves reviewing and approving information before it is made publicly available. -
✔✔True
IA.L1-3.5.1 permits the use of shared user accounts as long as the accounts are monitored. - ✔✔False.
IA.L1-3.5.1 requires unique user IDs and strong identity verification, not shared accounts.
IA.L1-3.5.1 requires each user to have a unique identifier to track system access and actions accurately. -
✔✔True
IA.L1-3.5.2 recommends using simple and easily memorable passwords for authentication. - ✔✔False.
IA.L1-3.5.2 emphasizes the use of strong, complex passwords and other authentication methods.
IA.L1-3.5.2 suggests implementing multi-factor authentication (MFA) to enhance security. - ✔✔True
MP.L1-3.8.3 allows electronic storage media to be discarded without any special procedures if it no
longer works. - ✔✔False. MP.L1-3.8.3 requires secure disposal methods such as physical destruction or
secure wiping of data.
MP.L1-3.8.3 requires organizations to securely wipe or destroy electronic storage media before disposal.
- ✔✔True
PE.L1-3.10.1 mandates that physical access to information systems should be limited to authorized
individuals. - ✔✔True
PE.L1-3.10.1 allows unrestricted access to all employees to ensure operational efficiency. - ✔✔False.
PE.L1-3.10.1 emphasizes limiting physical access to authorized individuals only.
PE.L1-3.10.3 requires visitors to be granted unrestricted access to all areas within the facility. - ✔✔False.
PE.L1-3.10.3 requires visitors to be escorted and monitored within restricted areas.
PE.L1-3.10.3 involves escorting visitors at all times and maintaining logs of their entry and exit. -
✔✔True
PE.L1-3.10.4 suggests that maintaining physical access logs is unnecessary for security purposes. -
✔✔False. PE.L1-3.10.4 requires maintaining physical access logs to track and monitor access to sensitive
areas.