Which resource contains authoritative data classifications of CUI?
Correct Answer:A
In late September. CA.L2-3.12.1: Periodically assess the security controls in organizational systems to determine if the controls are effective in their application is assessed. Procedure specifies that a security control assessment shall be conducted quarterly. The Lead Assessor is only provided the first quarter assessment report because the person conducting the second quarter's assessment is currently out of the office and will return to the office in two hours. Based on this information, the Lead Assessor should determine that the evidence is;
Correct Answer:B
Which statement BEST describes a LTP?
Correct Answer:B
A client uses an external cloud-based service to store, process, or transmit data that is reasonably believed to qualify as CUI. According to DFARS clause 252.204-7012. what set of established security requirements MUST that cloud provider meet?
Correct Answer:B
Evidence gathered from an OSC is being reviewed. Based on the assessment and
organizational scope, the Lead Assessor requests the Assessment Team to verify that the coverage by domain, practice. Host Unit. Supporting Organization/Unit, and enclaves are comprehensive enough to rate against each practice. Which criteria is the assessor referring to?
Correct Answer:C