CMMC Assessment Process (CAP) for CCP

Sample Practice Questions

1. Question 1

   During an assessment, which phase of the process identifies conflicts of interest?
   1. A. Analyze requirements.
   2. B. Develop assessment plan.
   3. C. Verify readiness to conduct assessment.
   4. D. Generate final recommended assessment results.
   Explanation

   The correct answer is: C. Verify readiness to conduct assessment..

   Conflicts of interest are identified during Phase 1 of the CMMC Assessment Process — specifically during the 'Verify readiness to conduct assessment' activity. Identifying COIs early ensures they can be disclosed, documented in the assessment plan, and mitigated before the assessment proceeds; surfacing a conflict mid-assessment would compromise the integrity of work already done. 'Analyze requirements' and 'Develop assessment plan' are other Phase 1 activities, but readiness verification is where the explicit COI check sits. 'Generate final recommended assessment results' is a Phase 3 activity — too late for COI identification. Reading the CAP's Phase 1 task list carefully helps CCP candidates map COI work to readiness verification.

2. Question 2

   The Assessment Team has completed Phase 2 of the Assessment Process. In conducting Phase 3 of the Assessment Process, the Assessment Team is reviewing evidence to address Limited Practice Deficiency Corrections. How should the team score practices in which the evidence shows the deficiencies have been corrected?
   1. A. MET
   2. B. POA&M
   3. C. NOT MET
   4. D. NOT APPLICABLE
   Explanation

   The correct answer is: A. MET.

   When the Assessment Team enters Phase 3 (Report Recommended Findings) and is reviewing whether previously-deficient practices have been corrected via Limited Practice Deficiency Corrections, practices for which the new evidence shows the deficiency is resolved are scored MET. This reflects the assessment's most current state of evidence — if the OSC has demonstrably remediated the gap during the assessment window, the practice now meets the requirement. Scoring it POA&M would be wrong because there is no remaining deficiency to track. Scoring it NOT MET would ignore the corrective work. Scoring it NOT APPLICABLE would only apply if the practice were genuinely outside the scope's applicability. MET is the right outcome when corrections are verified.

3. Question 3

   What is the LAST step when developing an assessment plan for an OSC?
   1. A. Verify the readiness to conduct the assessment.
   2. B. Perform certification assessment readiness review.
   3. C. Update the assessment plan and schedule as needed.
   4. D. Obtain and record commitment to the assessment plan.
   Explanation

   The correct answer is: D. Obtain and record commitment to the assessment plan..

   The final step in developing an Assessment Plan is obtaining and recording commitment to the plan from the parties who must execute it — the C3PAO and the OSC's Assessment Official. Commitment ensures all sides have agreed on scope, schedule, team, evidence approach, and logistics before Phase 2 begins, and the recorded commitment becomes the audit trail showing the plan was approved. Verifying readiness is a separate Phase 1 activity that precedes plan finalization. Performing certification assessment readiness review is part of readiness, not the last plan-development step. Updating the plan and schedule as needed is an ongoing activity throughout planning. Recording commitment is the closing-out activity that gates Phase 2.

4. Question 4

   While developing an assessment plan for an OSC, it is discovered that the certified assessor will be interviewing a former college roommate. What is the MOST correct action to take?
   1. A. Do not inform the OSC and the C3PAO of the possible conflict of interest, and continue as planned.
   2. B. Inform the OSC and the C3PAO of the possible conflict of interest, and start the entire process over without the conflicted team member.
   3. C. Inform the OSC and the C3PAO of the possible conflict of interest but since it has been an acceptable amount of time since college, no conflict of interest exists, and continue as planned.
   4. D. Inform the OSC and the C3PAO of the possible conflict of interest, document the conflict and mitigation actions in the assessment plan, and if the mitigation actions are acceptable, continue with the assessment.
   Explanation

   The correct answer is: D. Inform the OSC and the C3PAO of the possible conflict of interest, document the conflict and mitigation actions in the assessment plan, and if the mitigation actions are acceptable, continue with the assessment..

   When a certified assessor discovers they will be interviewing a former college roommate during an assessment, the situation creates a potential conflict of interest under the CMMC-AB Code of Professional Conduct. The correct action is to disclose the relationship to both the OSC and the C3PAO, document the conflict and proposed mitigation actions in the assessment plan, and proceed only if the mitigation actions are accepted. Mitigation might include having a different team member conduct the interview, or having multiple team members attend together. Failing to disclose violates the CoPC outright. Restarting the entire process is excessive when documented mitigation is available. Asserting that 'enough time has passed' that no COI exists abandons the apparent-COI standard the CoPC explicitly requires.

5. Question 5

   The evidence needed for each practice and/or process is weight for:
   1. A. adequacy and sufficiency.
   2. B. adequacy and thoroughness.
   3. C. sufficiency and thoroughness.
   4. D. sufficiency and appropriateness.
   Explanation

   The correct answer is: A. adequacy and sufficiency..

   Evidence in CMMC is weighed against two criteria: adequacy (the right type of evidence for the practice being assessed) and sufficiency (enough evidence to confidently cover the relevant scope). Both must be met for a practice to score MET. 'Thoroughness' and 'appropriateness' are colloquial near-synonyms but not the formal CAP criteria; the canonical pair is adequacy and sufficiency. CCP candidates should commit this terminology to memory because it appears throughout the CAP and the assessment guides whenever evidence quality is discussed.

Other CCP domains

• CMMC Governance and Source Documents (20 questions)
• CMMC Model Construct and Implementation Evaluation (46 questions)
• Scoping (21 questions)