Certified Cybersecurity Maturity Model Certification (CMMC) Professional (CCP) Practice Exam

What is required before allowing access to organizational information systems?

• A. Training users on keyboard shortcuts
• B. Authenticating the identities of users, devices, or processes
• C. Creating user accounts with multiple usernames
• D. Logging all user activity

The correct answer is: Authenticating the identities of users, devices, or processes

The requirement to authenticate the identities of users, devices, or processes is crucial for maintaining the security and integrity of organizational information systems. Authentication ensures that only authorized individuals or systems can access resources, thereby preventing unauthorized access that could lead to data breaches, information theft, or compromise of sensitive information. By verifying the identity of users through methods such as passwords, biometric scans, or multifactor authentication, organizations can establish a trusted environment where users are who they claim to be. This step is foundational in building a robust cybersecurity posture, as it lays the groundwork for further security measures and protocols. Training users on keyboard shortcuts may enhance usability and productivity, but it does not contribute to security protocols necessary for access control. Creating user accounts with multiple usernames can lead to confusion and mismanagement of access rights, potentially violating the principle of least privilege. Although logging user activity is important for monitoring and auditing, it occurs after access has already been granted, making it insufficient as a standalone measure for access control. Therefore, authenticating identities stands out as the essential prerequisite for granting access to organizational information systems.