Exam CMMC-CCP Topic 3 Question 156 Discussion

Actual exam question for Cyber AB's CMMC-CCP exam
Question #: 156
Topic #: 3
A CMMC Assessment Team arrives at an OSC to begin a CMMC Level 2 Assessment. The team checks in at the front desk and lets the receptionist know that they are here to conduct the assessment. The receptionist is aware that the team is arriving today and points down a hallway where the conference room is. The receptionist tells the Lead Assessor to wait in the conference room. as someone will be there shortly. The receptionist fails to check for credentials and fails to escort the team. The receptionist's actions are in direct violation of which CMMC practice?

Suggested Answer: A Vote an answer

ThePhysical Protection (PE) domaininCMMC 2.0 Level 1includes the requirementPE.L1-3.10.3, which mandates that organizationsescort visitors and monitor their activity.
* TheCMMC Assessment Teamarrives at the OSC.
* Thereceptionist acknowledges their arrival but does not verify credentials or escort themto the appropriate location.
* Failing to verify visitor identity and failing to escort them is a violation of PE.L1-3.10.3.
* A: PE.L1-3.10.3: Escort visitors and monitor visitor activity##Correct
* This requirement ensures that visitorsdo not have unsupervised access to sensitive areas.
* The receptionistshould have checked credentials and escorted the assessment team.
* B: PE.L1-3.10.5: Control and manage physical access devices##Incorrect
* This requirement refers to managingkeys, access badges, and security devices, which isnot the issue in this scenario.
* C: PS.L2-3.9.1: Screen individuals prior to authorizing access to organizational systems containing CUI##Incorrect
* This control applies to personnel screeningsbefore granting access to CUI systems, not physical visitor access.
* D: PS.L2-3.9.2: Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers##Incorrect
* This requirement deals withoffboarding employees and ensuring they no longer have system access. It isnot relevant to visitor escorting.
* CMMC 2.0 Level 1 - PE.L1-3.10.3 (Physical Protection)
* Requires organizations toescort visitors and monitor visitor activityat facilities containingFCI or CUI.
* NIST SP 800-171 Rev. 2, Control 3.10.3
* States thatvisitors must be escorted and monitored at all timesto prevent unauthorized access.
Breaking Down the Scenario:Analysis of the Given Options:Official References Supporting the Correct answer:Conclusion:Since the receptionist failed to verify credentials and escort the visitors, this violatesPE.
L1-3.10.3.
#Correct Answer: A. PE.L1-3.10.3: Escort visitors and monitor visitor activity

by Jason at Jul 15, 2026, 10:02 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10