Exam CMMC-CCA Topic 4 Question 133 Discussion

Actual exam question for Cyber AB's CMMC-CCA exam
Question #: 133
Topic #: 4
A midsized professional services organization that frequently contracts with government entities is undergoing a CMMC Level 2 assessment. The CCA interviews IT leadership about their audit logging capabilities and determines that a third-party vendor is responsible for correlating and reviewing audit logs.
During the interview, they discuss the process that has been implemented by the vendor to provide a monthly summary of their audit log review to the organization. What issue should the CCA resolve during the interview?

Suggested Answer: C Vote an answer

CMMC Level 2 requires that audit logs be reviewed and updated at least weekly to detect anomalies and potential security incidents. A vendor providing only monthly summaries does not meet the requirement. The assessor must resolve this issue to confirm compliance.
Exact Extracts (official CMMC Assessor/Study documents):
* AU.L2-3.3.7: "Review and update logged events, as well as the audit log, at least weekly."
* AU.L2-3.3.6: "Review and analyze information system audit records for indications of inappropriate or unusual activity and report findings."
* CMMC Level 2 Assessment Guide emphasizes: "Organizations must demonstrate procedures to review audit logs at least weekly, even when external vendors perform this function."
* NIST SP 800-171A states: "The frequency of review must be sufficient to detect anomalies in a timely manner... at least weekly is required." Why other options are not correct:
* A: Report generation capability is not the compliance issue; frequency of review is.
* B: Using a common authoritative time source (AU.L2-3.3.7) is important, but the deficiency here is frequency of log review, not time source.
* D: Third-party involvement is permitted if the OSC maintains control and ensures requirements (frequency, integrity, protection of CUI) are met.
References (official CCA/CMMC documents):
* CMMC Assessment Guide - Level 2, Version 2.13: Practices AU.L2-3.3.6 and AU.L2-3.3.7 (pp. 56-
60).
* NIST SP 800-171A, Audit and Accountability objectives.

by cmmcguy2 at May 07, 2026, 11:28 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
cmmcguy2
2026-05-07 11:28:29
Incorrect. 800-171A nor the assessment guide define a time of weekly
upvoted 1 times
...
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10