Certified Cybersecurity Maturity Model Certification (CMMC) Professional (CCP) Practice Exam

Which of the following is necessary for maintaining audit logs of physical access?

• A. Keeping logs for only high-level employees
• B. Maintaining logs for all physical accesses
• C. Only logging incidents of unauthorized access
• D. Logging access instances monthly

The correct answer is: Maintaining logs for all physical accesses

Maintaining logs for all physical accesses is essential for creating a comprehensive record of who enters and exits a facility, which serves multiple important functions. Firstly, having logs for every instance of physical access enables organizations to conduct thorough investigations if a security incident occurs. It provides a timeline and history of presence in sensitive areas, which can be crucial for incident response and forensic analysis. Additionally, comprehensive logging establishes accountability and can deter unauthorized access, as individuals are aware that their movements are being monitored. This level of detail ensures compliance with relevant standards and regulations requiring detailed record-keeping as part of a broader cybersecurity strategy. Moreover, when logs capture all physical accesses, organizations can identify patterns of behavior and make data-driven decisions regarding access control policies, security resource allocation, and facility management. In contrast, restricting logging to only high-level employees, logging unauthorized access incidents alone, or only maintaining logs monthly would likely compromise the effectiveness of the audit trail, limit data for investigations, and potentially overlook critical security events.