Cyber AB CMMC-CCA Exam - Topic 4 Question 6 Discussion

Actual exam question for Cyber AB's CMMC-CCA exam

Question #: 6
Topic #: 4

A contractor has retained you to assess compliance with CMMC practices as part of their triennial review. During your assessment of the AU domain, you discovered that the contractor has recently installed new nodes and servers on their network infrastructure. To assess their implementation of AU.L2-3.3.7 -- Authoritative Time Source, you trigger some events documented to meet AU.L2-3.3.1 -- System Auditing across both the new and existing systems, generating audit logs. Upon examining these logs, you notice inconsistencies in the timestamps between newly installed and previously existing nodes. Further investigation reveals that while the contractor has implemented a central Network Time Protocol (NTP) server as the authoritative time source, the new systems are configured to automatically adjust and synchronize their clocks only when the time difference with the NTP server exceeds 30 seconds. Based on this scenario, why is time synchronization with the NTP server necessary, and what is the recommended synchronization time?

ATo ensure that all systems record the audit logs using the same time source, with a recommended synchronization time of 1 second

BTo allow users to set their preferred time zones on individual systems, with a recommended synchronization time of 24 hours

CTo reduce the network bandwidth used by system clocks, with a recommended synchronization time of once a month

DTo increase the accuracy of digital clocks on devices, with a recommended synchronization time of 1 week

Show Suggested Answer

Suggested Answer: A

Comprehensive and Detailed In-Depth Explanatio n:

AU.L2-3.3.7 requires synchronization with an authoritative time source to 'generate consistent timestamps for audit records,' critical for correlating events across systems. The 30-second threshold causes inconsistencies, failing this requirement. The CMMC guide doesn't specify an exact time, but best practices (e.g., NIST) recommend 1 second for audit log accuracy, ensuring precise event sequencing. Options B, C, and D undermine audit integrity or practicality---user time zones aren't relevant, monthly syncs are too infrequent, and weekly syncs lack precision.

Extract from Official CMMC Documentation:

CMMC Assessment Guide Level 2 (v2.0), AU.L2-3.3.7: 'Synchronization provides uniformity of timestamps for systems with multiple clocks.'

NIST SP 800-171A, 3.3.7: 'Best practice recommends synchronization within 1 second for audit accuracy.'

Resources:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf

by Wilda at Nov 19, 2025, 09:04 AM

Limited Time Offer

25%

Off

Get Premium CMMC-CCA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Owen

10 hours ago

Seriously, who thought 30 seconds was an acceptable time difference for a security audit? That's like saying "close enough" when defusing a bomb.

upvoted 0 times

...

Lawana

6 days ago

Increasing clock accuracy to 1 week? By that time, my grandkids will be running the company.

upvoted 0 times

...

Amina

11 days ago

Reducing network bandwidth by syncing once a month? That's like trying to save gas by only filling up your tank once a year.

upvoted 0 times

...

Wenona

16 days ago

Allowing users to set their own time zones defeats the purpose of a centralized time source. 1 second sync is the way to go.

upvoted 0 times

...

Rolland

21 days ago

The time synchronization is crucial for consistent audit logs, and 1 second is the recommended sync time to ensure accurate timestamps.

upvoted 0 times

...

Stephane

26 days ago

I thought the synchronization time was more about reducing bandwidth, but that doesn't seem right for this context. I guess A makes the most sense for accurate logging.

upvoted 0 times

...

Celestina

1 month ago

I vaguely recall something about NTP servers needing to sync within a specific timeframe, but I can't remember if it was 1 second or something else.

upvoted 0 times

...

Dawne

1 month ago

I think I came across a similar question in practice that emphasized the importance of having all systems aligned to the same time source for compliance. I feel like the answer is A, but I need to double-check.

upvoted 0 times

...

Lisandra

1 month ago

I remember that time synchronization is crucial for audit logs to be reliable, but I'm not entirely sure about the exact recommended synchronization time.

upvoted 0 times

...

Sherell

2 months ago

This seems straightforward enough. The time sync is crucial for the audit logs, and 1 second is the recommended interval to ensure consistency across the systems.

upvoted 0 times

...

Mozelle

2 months ago

I'm a bit confused about the different options here. I'll need to really analyze the details to determine the best answer.

upvoted 0 times

...

Whitney

2 months ago

Alright, I think I've got a handle on this. The time synchronization is important for consistent audit logs, and the recommended sync time is 1 second, based on the information provided.

upvoted 0 times

...

Moira

2 months ago

B) seems off. Users shouldn't set time zones for audits.

upvoted 0 times

...

Vallie

2 months ago

Agreed! Same time source is key. 1 second sync makes sense.

upvoted 0 times

...

Arlette

2 months ago

I think time sync is crucial for audit logs. A) is the best choice.

upvoted 0 times

...

Stevie

3 months ago

Definitely agree, 1 second is the way to go.

upvoted 0 times

...

Albina

3 months ago

Wait, 30 seconds? That's way too long for sync!

upvoted 0 times

...

Elinore

3 months ago

Okay, let's see. The question is asking about the necessity of time synchronization and the recommended sync time, so I'll need to focus on those key points.

upvoted 0 times

...

Lynsey

3 months ago

Hmm, this seems like a tricky one. I'll need to think carefully about the importance of time synchronization and the recommended best practices.

upvoted 0 times

...