Cyber AB CMMC-CCA Exam With Confidence Using Practice Dumps

Access Control (AC): Wi-Fi access must be restricted to authorized users and devices. CMMC Level 2 incorporates NIST SP 800-171 AC requirements to limit and control access to systems and resources.

Identification and Authentication (IA): Wireless access requires authentication to ensure only authorized individuals/devices can connect (e.g., WPA2-Enterprise, certificates, or strong passwords).

System and Communications Protection (SC): Wi-Fi encryption and secure configuration protect data-in-transit from interception or unauthorized disclosure.

Why Other Options Are Incorrect:

A (MP, AC, PE): Media protection and physical protection are not primary domains for Wi-Fi configuration.

B (IA, MP, SI): Media protection and system/information integrity do not directly address Wi-Fi security.

D (SC, SI, PE): Physical and integrity controls are not central to wireless access security.

References (CCA Official Sources):

CMMC Model v2.0 — Domains AC, IA, SC

NIST SP 800-171 Rev. 2 — AC.L2-3.1.1, IA.L2-3.5.3, SC.L2-3.13.8 (wireless access, identification/authentication, protection of communications)

NIST SP 800-171A — Associated assessment objectives verifying Wi-Fi control and encryption

===========

The Physical Protection (PE) requirements require that systems containing FCI or CUI be placed in controlled-access facilities with safeguards against unauthorized physical access.

Extract from PE.L2-3.10.1:

“Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.”

Thus, ensuring that the VMs run on hardware located in a controlled-access facility is the correct method to meet physical security requirements.

The Examine assessment method requires the assessor to review policies, processes, and procedures that are finalized and approved, not drafts or informal materials. This ensures the OSC has formally documented, management-approved artifacts supporting each practice. Drafts, in-process training materials, or incomplete diagrams do not satisfy the “Examine” method requirements.

Exact extracts:

“Examine: Review, inspect, and analyze assessment objects, such as policies, procedures, and system documentation.”

“Examine requires finalized artifacts; draft or incomplete materials do not constitute valid evidence.”

Why the other options are incorrect:

A: “Mailed form” is irrelevant — only completeness and approval matter.

C: Training materials are not substitutes for policy/process evidence.

D: Draft diagrams do not satisfy final documentation requirements.