Code of Professional Conduct Flashcards

1
Q

Which of the following principles is not at the core of any ethical code?
A. honesty
B. accountability
C. fairness
D. trustworthiness

A

C. fairness

2
Q

Which of the following CMMC Ecosystem members are expected to follow the Code of Professional Conduct (CoPC)?
A. credentialed members
B. accredited members
C. licensed members
D. registered members
E. related individuals, entities, and industry working group members
F. all of the above

A

F. all of the above

3
Q

The CMMC ecosystem model is created and managed by the Cybersecurity Maturity Model Certification-Accreditation Body (CMMC-AB) to enhance the protection of controlled unclassified information (CUI).
A. True
B. False

A

B. False - it is created & controlled by the Department of Defense (DoD)

4
Q

Your daughter, Kimberly, is the Vice President of Gamma Identity, and her company is consulted to implement a new multi-factor solution for a firm named Treasured Reporting. A year later, your firm is hired to conduct the formal C3PAO Certification Assessment of Treasured Reporting, and you are asked to serve as the Lead Assessor. In the discovery meeting, the CEO of Treasured Reporting asks if you are related to Kimberly from Gamma Identity. Which of the following actions should you take to adhere to the CoPC? Select all that apply.
A. Tell them no, this is a professional relationship, and they don’t need to know about your family.
B. Tell them yes, and ask if there is any concern about the relationship in the assessment scenario.
C. Tell them yes, and immediately ask for someone else to replace you on the assessment team.
D. Don’t discuss with the OSC, but instead note the issue on the Risk and Issue log, and bring it to the attention of the C3PAO as a documented item.
E. Include the issue with the final C3PAO reporting to CMMC-AB, noting that the OSC confirmed it was not an issue for them.

A

C. Tell them yes, and immediately ask for someone else to replace you on the assessment team.

5
Q

The DoD will maintain oversight of the assessment ecosystem and approve CMMC-AB’s Conflict of Interest policies.
A. True
B. False

A

A. True

6
Q

“Do not mislead or exaggerate the services that our organization is authorized to deliver.” This statement is an example of which of the following CMMC CoPC Guiding Principles?
A. Objectivity
B. Professionalism
C. Confidentiality
D. Proper Use of Methods

A

B. Professionalism

7
Q

It is acceptable for a CCA to offer a “money back” guarantee if the OSC does not attain certification.
A. True
B. False

A

B. False

8
Q

Assessment Team Members must not perform consulting services, nor provide specific guidance on how to address gaps identified before or during the assessment.
A. True
B. False

A

A. True

9
Q

During an assessment the OSC provides printed CUI. What is the best way to handle the CUI once the interview concludes?
A. Lock the CUI in your briefcase & shred it once you return to the hotel.
B. Leave the CUI in a folder on the conference table.
C. Keep it in your briefcase until the entire engagement is concluded.
D. Return the printed CUI to the OSC team members for control & proper disposal.

A

D. Return the printed CUI to the OSC team members for control & proper disposal.

10
Q

The CMMC-AB has established how many practices regarding the proper use of methods?
A. 5
B. 6
C. 7
D. 8

A

C. 7

11
Q

Which of the following is not one of the six practices of the information integrity principle?
A. Offer guidance and support when gaps are discovered during the certification process.
B. Ensure the accuracy and authenticity of information.
C. Do not fill out evaluation materials for others.
D. Ensure the security of all information discovered or received during the course of delivering CMMC services.

A

A. Offer guidance and support when gaps are discovered during the certification process.

12
Q

There are nine practices regarding information integrity.
A. True
B. False

A

B. False - there are only 6.

13
Q

The CMMC lead assessor is responsible for identifying potential conflicts of interest and documenting them in the Assessment Plan.
A. True
B. False

A

A. True

14
Q

“Unless such permission is included in your agreement, always obtain written permission for distributing or changing materials and for including materials in other works.” This statement is one of the five practices regarding respect for intellectual property.
A. True
B. False

A

A. True

15
Q

You must report convictions, guilty pleas, or no contest pleas to the CMMC-AB within 90 days.
A. True
B. False

A

B. False - you only have 30 days to report.

16
Q

Which phase of the CMMC Assessment Process (CAP) are contracts and NDAs a part of?
A. Phase 1
B. Phase 2
C. Phase 3
D. Phase 4

A

A. Phase 1

17
Q

When a violation of the CoPC is observed and cannot be clarified or resolved, to whom should the violation be reported? Choose all that apply.
A. the Lead Assessor
B. the violator’s supervisor
C. anonymously to CoPC-Violations@cmmcab.org
D. the C3PAO

A

A. the Lead Assessor
C. anonymously to CoPC-Violations@cmmcab.org
D. the C3PAO

18
Q

Which of the following is an example of corrective action that may result from a violation investigation?
A. warning
B. remediation
C. suspension
D. denial or termination of CMMC accreditation
E. all of the above

A

E. all of the above

19
Q

What is the timeline to request a review of corrective action?
A. 30 days
B. 60 days
C. 90 days
D. 1 year

A

A. 30 days

20
Q

Certified Assessors can perform assessments for any OSC, provided the OSC has signed an agreement with a Service Provider Organization.
A. True
B. False

A

B. False

21
Q

Registered Practitioners can perform consulting services for an OSC through an RPO or C3PAO.
A. True
B. False

A

A. True