Understanding the "Examine" Assessment Method in CMMC 2.0
CMMC 2.0 usesthree assessment methodsto evaluate security compliance:
Examine– Reviewing, inspecting, observing, studying, or analyzing assessment objects (e.g., policies, system documentation).
Interview– Speaking with personnel to verify knowledge and responsibilities.
Test– Performing technical validation to check system configurations.
Relevant CMMC 2.0 Reference:
TheCMMC Assessment Process (CAP)definesExamineas the method used toreview or analyze assessment objects, such as policies, procedures, configurations, and logs.
Why is the Correct Answer "Examine" (C)?
A. Test → Incorrect
"Test" involvesexecutinga function to validate its security (e.g., verifying access controls through a live system test).
B. Assess → Incorrect
"Assess" is a broad term; CMMC explicitly defines "Examine" as the method for reviewing documentation.
C. Examine → Correct
"Examine" is the official term forreviewing policies, procedures, configurations, or logs.
D. Interview → Incorrect
"Interview" involvesverbal discussions with personnel, not document analysis.
CMMC 2.0 References Supporting this Answer:
CMMC Assessment Process (CAP) Document
Defines "Examine" asanalyzing assessment objects (e.g., policies, procedures, logs, documentation).
NIST SP 800-171A
Specifies "Examine" as a method toreview security controls and configurations.
