CMMC Assessment Objectives | Questions & Answers (100% Score) Latest Updated
2024/2025 Comprehensive Questions A+ Graded Answers | 100% Pass
AC.L1-3.1.1[a] - ✔✔authorized users are identified.
AC.L1-3.1.1[b] - ✔✔processes acting on behalf of authorized users are identified.
AC.L1-3.1.1[c] - ✔✔devices (and other systems) authorized to connect to the system are identified.
AC.L1-3.1.1[d] - ✔✔system access is limited to authorized users.
AC.L1-3.1.1[e] - ✔✔system access is limited to processes acting on behalf of authorized users.
AC.L1-3.1.1[f] - ✔✔system access is limited to authorized devices (including other systems).
AC.L1-3.1.2[a] - ✔✔the types of transactions and functions that authorized users are permitted to
execute are defined.
AC.L1-3.1.2[b] - ✔✔system access is limited to the defined types of transactions and functions for
authorized users.
AC.L2-3.1.3[a] - ✔✔information flow control policies are defined.
AC.L2-3.1.3[b] - ✔✔methods and enforcement mechanisms for controlling the flow of CUI are defined.
AC.L2-3.1.3[c] - ✔✔designated sources and destinations (e.g., networks, individuals, and devices) for CUI
within the system and between interconnected systems are identified.
AC.L2-3.1.3[d] - ✔✔authorizations for controlling the flow of CUI are defined.
AC.L2-3.1.3[e] - ✔✔approved authorizations for controlling the flow of CUI are enforced.
AC.L2-3.1.4[a] - ✔✔the duties of individuals requiring separation are defined.
AC.L2-3.1.4[b] - ✔✔responsibilities for duties that require separation are assigned to separate
individuals.
AC.L2-3.1.4[c] - ✔✔access privileges that enable individuals to exercise the duties that require
separation are granted to separate individuals.
AC.L2-3.1.5[a] - ✔✔privileged accounts are identified.
AC.L2-3.1.5[b] - ✔✔access to privileged accounts is authorized in accordance with the principle of least
privilege.
AC.L2-3.1.5[c] - ✔✔security functions are identified.
AC.L2-3.1.5[d] - ✔✔access to security functions is authorized in accordance with the principle of least
privilege.
AC.L2-3.1.6[a] - ✔✔nonsecurity functions are identified.
AC.L2-3.1.6[b] - ✔✔users are required to use non-privileged accounts or roles when accessing
nonsecurity functions.
AC.L2-3.1.7[a] - ✔✔privileged functions are defined.
AC.L2-3.1.7[b] - ✔✔non-privileged users are defined.
AC.L2-3.1.7[c] - ✔✔non-privileged users are prevented from executing privileged functions.
AC.L2-3.1.7[d] - ✔✔the execution of privileged functions is captured in audit logs.
AC.L2-3.1.8[a] - ✔✔the means of limiting unsuccessful logon attempts is defined.
AC.L2-3.1.8[b] - ✔✔the defined means of limiting unsuccessful logon attempts is implemented.
AC.L2-3.1.9[a] - ✔✔privacy and security notices required by CUI-specified rules are identified,
consistent, and associated with the specific CUI category.
AC.L2-3.1.9[b] - ✔✔privacy and security notices are displayed.
AC.L2-3.1.10[a] - ✔✔the period of inactivity after which the system initiates a session lock is defined.
AC.L2-3.1.10[b] - ✔✔access to the system and viewing of data is prevented by initiating a session lock
after the defined period of inactivity.
AC.L2-3.1.10[c] - ✔✔previously visible information is concealed via a pattern-hiding display after the
defined period of inactivity.
AC.L2-3.1.11[a] - ✔✔conditions requiring a user session to terminate are defined.
AC.L2-3.1.11[b] - ✔✔a user session is automatically terminated after any of the defined conditions
occur.
AC.L2-3.1.12[a] - ✔✔remote access sessions are permitted.
AC.L2-3.1.12[b] - ✔✔the types of permitted remote access are identified.