Question 9 - Cyber AB CMMC-CCP Real Exam Questions [March 2026 Update]

Q: 9

In many organizations, the protection of FCI includes devices that are used to scan physical documentation into digital form and print physical copies of digital FCI. What technical control can be used to limit multi-function device (MFD) access to only the systems authorized to access the MFD?

Options

Correct Answer:

Explanation

Virtual LANs (VLANs) are a technical control used to logically segment a physical network into separate broadcast domains. By placing multi-function devices (MFDs) on a dedicated, restricted VLAN, an organization can enforce strict access control. Network policies and Access Control Lists (ACLs) can then be applied to the router or layer-3 switch managing inter-VLAN traffic, ensuring that only explicitly authorized systems or subnets can communicate with the MFDs. This method directly addresses the requirement to limit MFD access to only authorized systems, thereby protecting the Federal Contract Information (FCI) they process.

Why Incorrect

B. Single administrative account: This is a poor administrative practice that violates the principles of individual accountability and non-repudiation; it does not control system-level network access.

C. Documentation showing MFD configuration: Documentation is an administrative control, not a technical one. It describes the security posture but does not actively enforce any access restrictions.

D. Access lists only known to the IT administrator: While access lists are a valid technical control, this option suggests security through obscurity, which is not a robust security principle. VLANs provide a more structured and comprehensive segmentation framework.

---

References

1. National Institute of Standards and Technology (NIST) Special Publication 800-171

Revision 2

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.

Reference: Control 3.1.3

"Control the flow of CUI in accordance with approved authorizations." The discussion section states

"Flow control restrictions include... separating CUI into separate physical domains or logical domains (e.g.

subnets)." VLANs are a primary technology for implementing logical domains/subnets to control information flow. (Page 17)

2. Cybersecurity and Infrastructure Security Agency (CISA)

Network Segmentation Cheat Sheet.

Reference: The document outlines network segmentation as a key defensive strategy. It states

"Virtual Local Area Networks (VLANs) are the most common method of network segmentation... VLANs allow network administrators to partition their switched network based on functional requirements... regardless of the users’ physical location." This supports using VLANs to isolate devices like MFDs. (Page 1)

3. Carnegie Mellon University

Software Engineering Institute (SEI)

Network Segmentation and Segregation for Information System Protection

CMU/SEI-2016-TN-017.

Reference: Section 3.2

"Virtual Local Area Networks (VLANs)." This section describes VLANs as a fundamental technology for logical network segmentation to create security zones and control traffic between them using access control lists

directly aligning with the scenario. (Page 7)

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE