Cyber AB CMMC-CCA Exam - Topic 1 Question 4 Discussion

Actual exam question for Cyber AB's CMMC-CCA exam

Question #: 4
Topic #: 1

When assessing a contractor's implementation of CMMC practices, you examine its SystemSecurity Plan (SSP) to identify its documented measures for audit reduction and reporting. They have a dedicated section in their SSP addressing the Audit and Accountability requirements. You proceed to interview their information security personnel, who informed you that the contractor has a dedicated Security Operations Center (SOC) and uses Splunk to reduce and report audit logs. What key features regarding the deployment of Splunk for AU.L2-3.3.6 -- Reduction & Reporting would you be interested in assessing?

AEnsure that Splunk is configured with appropriate RBAC to restrict access to log data, reports, and dashboards, ensuring that only authorized personnel can view or modify audit logs

BEnsure Splunk can retain audit records for a protracted amount of time

CEnsure that Splunk employs various filter rules for reducing audit logs to eliminate non-essential data and processes to analyze large volumes of log files or audit information, identifying anomalies and summarizing the data in a format more meaningful to analysts, thus generating customized reports

DEnsure Splunk can support compliance dashboards that provide real-time visibility into CMMC compliance status

Show Suggested Answer

Suggested Answer: C

Comprehensive and Detailed In-Depth Explanatio n:

AU.L2-3.3.6 requires 'audit reduction and report generation capabilities.' Key features to assess in Splunk are filtering to reduce logs and analysis/reporting (C), directly meeting objectives [a] and [b]. RBAC (A) relates to AU.L2-3.3.8, retention (B) to AU.L2-3.3.2, and dashboards (D) aren't required, per CMMC focus.

Extract from Official CMMC Documentation:

CMMC Assessment Guide Level 2 (v2.0), AU.L2-3.3.6: 'Assess tools for [a] reducing logs via filters, [b] generating reports with analysis.'

NIST SP 800-171A, 3.3.6: 'Examine reduction and reporting functions.'

Resources:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf

by Denny at Oct 05, 2025, 05:22 AM

Limited Time Offer

25%

Off

Get Premium CMMC-CCA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Adelina

2 months ago

I feel like A and D together create a strong security posture.

upvoted 0 times

...

Carey

2 months ago

All options have merit, but I lean towards C for effective analysis.

upvoted 0 times

...

Lenna

3 months ago

True, but if logs aren't retained long enough, we lose valuable data. Option B matters!

upvoted 0 times

...

Elbert

3 months ago

Option D is important too. Real-time dashboards help in monitoring compliance.

upvoted 0 times

...

Mabel

3 months ago

Agreed! Anomalies need to be highlighted for quick action.

upvoted 0 times

...

Arlene

4 months ago

I prefer option C. Filtering logs is essential to manage data overload.

upvoted 0 times

...

Sarah

4 months ago

Definitely! Without proper access control, logs can be compromised.

upvoted 0 times

...

Georgeanna

4 months ago

Retention policies are important, but how long is "protracted"?

upvoted 0 times

...

Lynelle

4 months ago

Compliance dashboards are a must for real-time insights!

upvoted 0 times

...

Odelia

4 months ago

Wait, can Splunk really handle that much data efficiently?

upvoted 0 times

...

Nelida

4 months ago

I agree, access control is crucial for security!

upvoted 0 times

...

Desire

5 months ago

Splunk should definitely have RBAC set up for log access.

upvoted 0 times

...

Stephaine

5 months ago

I think option D is also relevant since having compliance dashboards can help track CMMC status in real-time, but I’m not sure how that ties into the overall audit process.

upvoted 0 times

...

Shawnda

5 months ago

I feel like option C is crucial because filtering out non-essential data can really help in identifying anomalies. We practiced a similar question about log analysis last week.

upvoted 0 times

...

Whitney

5 months ago

I'm a bit unsure about how long audit records should be retained. I think option B is important, but I can't recall the specific timeframes we talked about.

upvoted 0 times

...

Ramonita

5 months ago

I think option A is crucial. RBAC is key for security.

upvoted 0 times

...

Margot

6 months ago

I remember we discussed the importance of RBAC in our last study session, so I think option A is definitely something I would focus on.

upvoted 0 times

...

Kanisha

6 months ago

Haha, I bet the contractor's IT team is hoping you don't dig too deep into their Splunk setup. Option C is the way to go.

upvoted 0 times

...

Camellia

6 months ago

Definitely C. Reducing the noise and highlighting the important stuff is what I'd be looking for.

upvoted 0 times

...

Silvana

7 months ago

Agreed, C is the most comprehensive answer. Splunk's ability to filter and summarize audit data is essential.

upvoted 0 times

...

Truman

7 months ago

Option C seems to cover the key features I would want to assess. Reducing audit logs and generating meaningful reports is crucial.

upvoted 0 times

...

Elli

7 months ago

Whoa, lots of details to cover here. I better make sure I don't miss anything important when assessing their Splunk implementation.

upvoted 0 times

...

Glendora

7 months ago

I feel pretty confident about this one. Splunk has a lot of great features for audit management, so I just need to make sure I understand how they're applying it to meet the CMMC standards.

upvoted 0 times

...

Francene

7 months ago

The question is asking about specific features, so I'll need to make sure I hit on all the key points like access control, retention, filtering, and reporting capabilities.

upvoted 0 times

...

Tasia

8 months ago

Okay, so they're using Splunk - that's good, it's a powerful tool. I'll want to dig into how they've configured it to meet the specific CMMC requirements.

upvoted 0 times

...