CVA Study Guide 2026
Everything you need to pass the CVA exam in one place: the exam format, every topic to study, real practice questions with explanations, flashcards, and full-length practice tests. Free, no sign-up needed.
📋 CVA Exam Format at a Glance
📚 CVA Topics to Study (22)
✍️ Sample CVA Questions & Answers
1. Which device connects multiple networks together?
A router is a network device that forwards data packets between different computer networks. It operates at Layer 3 (the network layer) of the OSI model, using IP addresses to determine the best path for data transmission. Routers are essential for connecting local area networks (LANs) to wide area networks (WANs), such as the internet, enabling communication across disparate network segments.
2. Which Kubernetes misconfiguration exposes the cluster API server to unauthenticated access?
Enabling anonymous authentication on the Kubernetes API server allows unauthenticated users to interact with the cluster, potentially executing privileged operations.
3. Which cloud vulnerability involves functions or services that trigger other services in an uncontrolled chain, potentially leading to infinite loops or cost exhaustion?
Serverless resource exhaustion attacks exploit event-driven architectures to trigger cascading function invocations, causing denial of service or unexpected cost escalation.
4. During a vulnerability assessment, you identify a cross-site scripting vulnerability. What is the most impactful proof-of-concept to demonstrate to stakeholders?
Demonstrating actual session hijacking via XSS — stealing a session cookie and using it to authenticate as the victim — proves the real-world impact far more effectively than a simple alert popup.
5. Which type of scan involves simulating an attack to find vulnerabilities?
Penetration testing, often called 'pen testing,' is a simulated cyberattack against a computer system, network, or web application to check for exploitable vulnerabilities. Unlike vulnerability scanning, it actively attempts to exploit identified weaknesses to demonstrate the potential impact of a real attack. This provides a deeper understanding of an organization's security posture from an attacker's perspective.
6. Which physical security control is specifically designed to prevent tailgating by allowing only one person to enter per authentication event?
A mantrap (airlock) uses two interlocking doors where only one can open at a time, ensuring that only the authenticated individual can enter the secured area.