CCA Study Guide 2026
Everything you need to pass the CCA exam in one place: the exam format, every topic to study, real practice questions with explanations, flashcards, and full-length practice tests. Free, no sign-up needed.
📋 CCA Exam Format at a Glance
📚 CCA Topics to Study (22)
✍️ Sample CCA Questions & Answers
1. What type of sensitive information does CMMC Level 2 specifically aim to protect?
CMMC Level 2 is designed to protect Controlled Unclassified Information (CUI) in the defense supply chain, requiring the full 110 NIST SP 800-171 practices.
2. Which DFARS clause requires defense contractors to implement NIST SP 800-171 and report cyber incidents?
DFARS 252.204-7012 requires defense contractors to implement NIST SP 800-171 security requirements and report cyber incidents involving covered contractor information systems within 72 hours.
3. What is the primary function of multi-factor authentication (MFA)?
MFA adds an additional layer of security by requiring two or more verification factors to access systems.
4. What is the minimum number of assessors required for a CMMC Level 2 certification assessment conducted by a C3PAO?
CMMC Level 2 certification assessments require a team of at least two CCAs to ensure objectivity and thoroughness.
5. What is the role of configuration baselines in CMMC vulnerability management?
Configuration baselines establish the approved secure configuration state, enabling organizations to detect deviations that may introduce vulnerabilities or indicate compromise.
6. What is the purpose of interviewing personnel during a CMMC assessment?
Interviews with knowledgeable personnel provide context, clarify how practices are actually implemented day-to-day, and can surface discrepancies between documented procedures and actual practice.