Exam CMMC-CCP Topic 2 Question 214 Discussion
Actual exam question for Cyber AB's CMMC-CCP exam
Question #: 214
Topic #: 2
Question #: 214
Topic #: 2
In many organizations, the protection of FCI includes devices that are used to scan physical documentation into digital form and print physical copies of digital FCI. What technical control can be used to limit multi- function device (MFD) access to only the systems authorized to access the MFD?
Suggested Answer: A Vote an answer
Understanding Multi-Function Device (MFD) Security in CMMCMulti-function devices (MFDs), such asscanners, printers, and copiers,process, store, and transmit FCI, making them apotential attack surfacefor unauthorized access.
Thebest technical controlto limit MFD access to only authorized systems isVirtual LAN (VLAN) restrictions, whichsegment and isolate network traffic.
VLAN Restrictions Provide Network Segmentation
VLANsisolate the MFDfrom unauthorized systems, ensuringonly approved devicescan communicate with it.
Prevents unauthorized network access bylimiting connectionsto specific IPs or subnets.
Meets CMMC 2.0 Network Security Controls
Aligns withCMMC System and Communications Protection (SC) Practicesfor network segmentation and access control.
Reducesthe risk of unauthorized access to scanned and printed FCI.
B). Single administrative account#Incorrect
Asingle admin accountdoes not restrict accessbetween devices, only controlswho can configurethe MFD.
C). Documentation showing MFD configuration#Incorrect
Documentation helps with compliance butdoes not actively restrict access.
D). Access lists only known to the IT administrator#Incorrect
Access lists should besystem-enforced, not just "known" to the administrator.
CMMC Practice SC.3.192 (Network Segmentation)- Requires restricting access usingnetwork segmentation techniques such as VLANs.
NIST SP 800-171 (SC Family)- Supportsisolation of sensitive devicesusing VLANs and other segmentation controls.
Why the Correct Answer is "A. Virtual LAN (VLAN) Restrictions"?Why Not the Other Options?Relevant CMMC 2.0 References:Final Justification:SinceVirtual LAN (VLAN) restrictions enforce access control at the network level, the correct answer isA. Virtual LAN (VLAN) restrictions.
Thebest technical controlto limit MFD access to only authorized systems isVirtual LAN (VLAN) restrictions, whichsegment and isolate network traffic.
VLAN Restrictions Provide Network Segmentation
VLANsisolate the MFDfrom unauthorized systems, ensuringonly approved devicescan communicate with it.
Prevents unauthorized network access bylimiting connectionsto specific IPs or subnets.
Meets CMMC 2.0 Network Security Controls
Aligns withCMMC System and Communications Protection (SC) Practicesfor network segmentation and access control.
Reducesthe risk of unauthorized access to scanned and printed FCI.
B). Single administrative account#Incorrect
Asingle admin accountdoes not restrict accessbetween devices, only controlswho can configurethe MFD.
C). Documentation showing MFD configuration#Incorrect
Documentation helps with compliance butdoes not actively restrict access.
D). Access lists only known to the IT administrator#Incorrect
Access lists should besystem-enforced, not just "known" to the administrator.
CMMC Practice SC.3.192 (Network Segmentation)- Requires restricting access usingnetwork segmentation techniques such as VLANs.
NIST SP 800-171 (SC Family)- Supportsisolation of sensitive devicesusing VLANs and other segmentation controls.
Why the Correct Answer is "A. Virtual LAN (VLAN) Restrictions"?Why Not the Other Options?Relevant CMMC 2.0 References:Final Justification:SinceVirtual LAN (VLAN) restrictions enforce access control at the network level, the correct answer isA. Virtual LAN (VLAN) restrictions.
by Laura at Jun 24, 2026, 12:24 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).