CVA Study Guide 2026

Everything you need to pass the CVA exam in one place: the exam format, every topic to study, real practice questions with explanations, flashcards, and full-length practice tests. Free, no sign-up needed.

📋 CVA Exam Format at a Glance

100
Questions
120 min
Time Limit
70.00%
Passing Score

📚 CVA Topics to Study (22)

✍️ Sample CVA Questions & Answers

1. Which device connects multiple networks together?
Router

A router is a network device that forwards data packets between different computer networks. It operates at Layer 3 (the network layer) of the OSI model, using IP addresses to determine the best path for data transmission. Routers are essential for connecting local area networks (LANs) to wide area networks (WANs), such as the internet, enabling communication across disparate network segments.

2. Which Kubernetes misconfiguration exposes the cluster API server to unauthenticated access?
Leaving the API server accessible on port 6443 without authentication (anonymous-auth=true)

Enabling anonymous authentication on the Kubernetes API server allows unauthenticated users to interact with the cluster, potentially executing privileged operations.

3. Which cloud vulnerability involves functions or services that trigger other services in an uncontrolled chain, potentially leading to infinite loops or cost exhaustion?
Resource exhaustion / event-driven attack

Serverless resource exhaustion attacks exploit event-driven architectures to trigger cascading function invocations, causing denial of service or unexpected cost escalation.

4. During a vulnerability assessment, you identify a cross-site scripting vulnerability. What is the most impactful proof-of-concept to demonstrate to stakeholders?
Demonstrate session hijacking by stealing and using a session cookie via the XSS payload

Demonstrating actual session hijacking via XSS — stealing a session cookie and using it to authenticate as the victim — proves the real-world impact far more effectively than a simple alert popup.

5. Which type of scan involves simulating an attack to find vulnerabilities?
Penetration testing

Penetration testing, often called 'pen testing,' is a simulated cyberattack against a computer system, network, or web application to check for exploitable vulnerabilities. Unlike vulnerability scanning, it actively attempts to exploit identified weaknesses to demonstrate the potential impact of a real attack. This provides a deeper understanding of an organization's security posture from an attacker's perspective.

6. Which physical security control is specifically designed to prevent tailgating by allowing only one person to enter per authentication event?
Mantrap (airlock)

A mantrap (airlock) uses two interlocking doors where only one can open at a time, ensuring that only the authenticated individual can enter the secured area.

🎯 Free CVA Practice Tests

📖 CVA Guides & Articles

Your CVA Study Path
1. Learn with Flashcards → 2. Drill Practice Tests → 3. Take the Full Exam Simulation