New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Cyber AB CMMC-CCA Exam - Topic 3 Question 5 Discussion

Actual exam question for Cyber AB's CMMC-CCA exam
Question #: 5
Topic #: 3
[All CMMC-CCA Questions]

While examining a contractor's audit and accountability policy, you realize they have documented types of events to be logged and defined content of audit records needed to support monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activities. After the logs are analyzed, the results are fed into a system that automatically generates audit records stored for 30 days. However, mechanisms implementing system audit logging are lacking after several tests because they produce audit logs that are too limited. You find that generated logs cannot be independently used to identify the event they resulted from because the defined content specified therein is too limited. Additionally, you realize the logs are retained for 24 hours before they are automatically deleted. Which of the following is a potential assessment method for AU.L2-3.3.1 -- System Auditing?

Show Suggested Answer Hide Answer
Suggested Answer: A

Comprehensive and Detailed In-Depth Explanatio n:

AU.L2-3.3.1 requires 'creating and retaining audit records with sufficient content.' Examining procedures (A) verifies if defined content meets requirements, addressing the scenario's deficiency (limited logs). Testing procedures (B) isn't standard, testing configs (C) is secondary, and examining mechanisms (D) isn't a method---testing them is. The CMMC guide lists procedural examination as key.

Extract from Official CMMC Documentation:

CMMC Assessment Guide Level 2 (v2.0), AU.L2-3.3.1: 'Examine procedures addressing audit record generation.'

NIST SP 800-171A, 3.3.1: 'Examine documented processes for content sufficiency.'

Resources:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf


by Nan at Oct 02, 2025, 07:31 AM

Limited Time Offer

25%

Off

Get Premium CMMC-CCA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Hester
2 months ago
Not sure if they can really fix this with just one method.
upvoted 0 times
...
Elvera
2 months ago
Wait, they only keep logs for 24 hours? That's way too short!
upvoted 0 times
...
Hailey
3 months ago
I think option A is also important to consider.
upvoted 0 times
...
Tyisha
3 months ago
I agree, option D seems like the best choice here.
upvoted 0 times
...
Oliva
3 months ago
Sounds like they need to improve their logging procedures.
upvoted 0 times
...
Nadine
3 months ago
I'm leaning towards testing procedures for audit records, but I wonder if that would cover the issues with log retention we talked about.
upvoted 0 times
...
Lasandra
4 months ago
I feel like we had a practice question about examining mechanisms for audit logging. That might be a good option to consider here.
upvoted 0 times
...
Dudley
4 months ago
I'm not entirely sure, but I think testing the system configuration settings could also be relevant since it might reveal how logs are managed.
upvoted 0 times
...
Roslyn
4 months ago
I remember we discussed the importance of examining procedures for audit record generation in class. It seems like a solid choice.
upvoted 0 times
...
Kimberely
4 months ago
Hmm, this is a tricky one. There are a lot of details to unpack here about the audit logging controls and their deficiencies. I think I'd start by carefully re-reading the question and making sure I fully understand the key problems - the limited audit record content and the short retention period. Then I'd consider the different assessment methods listed and try to determine which one would be most effective for evaluating those specific issues. Option D seems like the most logical choice, but I'd want to double-check my reasoning before committing to an answer.
upvoted 0 times
...
Carman
4 months ago
I feel pretty confident about this one. The question is clearly asking about the appropriate assessment method for evaluating the audit logging controls described in the scenario. Since the main problems seem to be with the audit record generation and retention, I'd say option D, examining the audit logging mechanisms, is the best approach. Options A and B could also be relevant, but D seems to be the most direct way to assess the core issues identified.
upvoted 0 times
...
Janna
4 months ago
Okay, this looks like a pretty straightforward question about assessing the audit logging controls. Based on the details provided, it seems like the key issues are that the logging mechanisms are lacking and the retention period is too short. I think I'd go with option D to examine the audit logging implementation, and potentially also test the controls around audit record management (option B).
upvoted 0 times
...
Doug
5 months ago
I'm a bit confused by this question. It seems to be asking about some specific audit and logging requirements, but I'm not sure exactly what the "AU.L2-3.3.1 -- System Auditing" part is referring to. I'll need to review my notes on audit and logging controls to see if I can figure out the right approach here.
upvoted 0 times
...

Save Cancel