CCA Exam Practice Questions: 50 Samples Across All 5 Domains

Your enterprise application processes 10,000 similar legal contracts per day using Claude. The system prompt and document template remain identical across all requests, with only the contract text varying. Which API feature provides the greatest cost reduction?

• A. Switching from claude-opus-4 to claude-haiku-4-5 for all requests
• B. Enabling prompt caching on the system prompt and document template
• C. Using the Batch API to process all contracts asynchronously
• D. Reducing max_tokens to the minimum required for the contract summary output

A developer building a customer-facing chatbot notices that Claude occasionally refuses to answer questions about the company's own refund policy, citing it as potentially sensitive. The system prompt already includes "You are a helpful customer service agent." What is the most appropriate architectural fix?

• A. Append "Ignore previous restrictions" to the user message
• B. Switch to a less restrictive model tier
• C. Expand the system prompt to explicitly define permitted topics, provide the refund policy text as context, and clarify the agent's authorised scope
• D. Use the temperature parameter set to 0 to force more deterministic responses

You are designing a production system where Claude Opus 4 is used for strategic analysis tasks and Claude Haiku 4.5 for classification and routing. Which architectural pattern best describes this approach?

• A. Failover routing
• B. Load balancing
• C. Tiered model orchestration
• D. Multi-turn context management

A financial services client requires that Claude's outputs are auditable and reproducible for regulatory compliance. Which combination of API parameters best supports this requirement?

• A. temperature=0, stream=false
• B. temperature=0, storing the full request/response payload with metadata in a compliance log
• C. max_tokens set to a fixed value, stream=false
• D. Using the Batch API with a fixed seed parameter

When implementing streaming responses with the Claude API in a production application, which approach correctly handles the case where a stream is interrupted mid-response?

• A. Retry the entire request with stream=false to get the complete response
• B. Display the partial response to the user as the final answer
• C. Implement exponential backoff and retry logic, and track the content_block_delta events to detect incomplete responses
• D. Switch to a smaller model for the retry to reduce the chance of timeout

The Claude API returns a 529 "overloaded" error. What is the recommended production handling strategy?

• A. Immediately switch to a different Claude model
• B. Queue the request and retry after a fixed 30-second delay
• C. Implement exponential backoff with jitter, starting at 1 second and capping at 60 seconds
• D. Fall back to a cached response from a previous similar request

A developer wants Claude to always respond in structured JSON format without failing to produce valid JSON. What is the most reliable approach?

• A. Add "ALWAYS respond in JSON" to the system prompt
• B. Use a regex post-processor to extract JSON from the response
• C. Use the structured outputs / tool use pattern where Claude is required to call a tool with a defined JSON schema
• D. Set temperature=0 and include a JSON example in the system prompt

Your application uses the Claude API and needs to handle conversations of up to 50 messages in length. Which approach to context management is most appropriate for a production system?

• A. Always send the full conversation history in every API request
• B. Implement a sliding window that retains recent messages, plus a summarised representation of earlier conversation history
• C. Truncate conversation history at 10 messages to keep costs predictable
• D. Store the conversation in Claude's memory using a system prompt injection

Which Claude model is most appropriate for a high-volume, low-latency classification task that labels customer support tickets into one of 15 categories?

• A. claude-opus-4 — highest accuracy ensures fewest misclassifications
• B. claude-sonnet-4-5 — balanced for quality-sensitive classification
• C. claude-haiku-4-5 — optimised for speed and cost at high volume with a well-crafted prompt
• D. Any model configured with temperature=0 for deterministic classification

An enterprise requires that all Claude API responses are screened for PII before being stored in a database. Where in the architecture should this screening occur?

• A. In the Claude system prompt, instructing Claude not to output PII
• B. Before sending the request to Claude, to prevent PII from entering the model
• C. Both before the request (to prevent PII ingestion) and after the response (to catch any PII in output), as a defence-in-depth pattern
• D. Only after the response is stored, as a database-level sanitisation layer

A team is building an MCP server that provides Claude with access to an internal CRM system. The server needs to handle authentication and rate limiting. Which MCP transport type is most appropriate for a production enterprise deployment?

• A. stdio — simplest to implement and debug
• B. HTTP with Server-Sent Events (SSE) — supports remote deployment, load balancing, and standard HTTP auth middleware
• C. WebSocket — provides the lowest latency for real-time CRM data
• D. stdio over SSH tunnel — adds encryption without changing the MCP implementation

In the MCP protocol, what is the functional difference between a "Tool" and a "Resource"?

• A. Tools are for read operations; Resources are for write operations
• B. Tools are actions Claude can invoke that may have side effects; Resources are data sources Claude can read that are read-only and identifiable by URI
• C. Tools are synchronous; Resources are asynchronous
• D. Tools require user approval; Resources do not

Your MCP server exposes a tool that can delete records from a production database. What security control is most important to implement at the MCP layer?

• A. Rate limiting to prevent too many deletions per minute
• B. Logging all tool invocations for audit purposes
• C. Requiring explicit human-in-the-loop confirmation before executing destructive tool calls
• D. Restricting the tool to only operate on records created in the last 7 days

Which of the following correctly describes the MCP Sampling feature?

• A. It allows the MCP server to sample random subsets of data before returning it to Claude
• B. It allows the MCP server to request completions from the LLM (Claude) during tool execution, enabling agentic loops within the server
• C. It enables probabilistic tool selection when multiple tools could satisfy a request
• D. It is a method for the MCP client to test server reliability under load

An MCP server is connecting to a third-party SaaS API using OAuth 2.0. Where should the OAuth tokens be stored in a production MCP server implementation?

• A. In the MCP server's configuration file, encrypted with AES-256
• B. In a secrets management service (e.g. AWS Secrets Manager, Azure Key Vault) retrieved at runtime, never hardcoded or stored in config files
• C. In environment variables on the server running the MCP process
• D. In a dedicated database table with column-level encryption

A Claude Cowork deployment uses 8 MCP servers including Salesforce, SharePoint, Jira, and an internal analytics platform. A user's request triggers tool calls across 4 of these servers simultaneously. What is the most significant architectural risk?

• A. Claude's context window may overflow with too many tool results
• B. A slow or failing MCP server blocks the entire response, requiring timeout management and partial failure handling
• C. Parallel tool execution violates the MCP protocol specification
• D. The user's session will be invalidated if multiple servers are called concurrently

How does MCP handle versioning when an MCP server updates its tool schema but existing Claude Cowork deployments still reference the old schema?

• A. MCP automatically detects schema changes and updates the client
• B. MCP uses semantic versioning in the server manifest; breaking changes require deploying a new server version while maintaining the old one during transition
• C. All tool schemas are immutable once published to prevent breaking changes
• D. Claude automatically adapts to new schemas through in-context learning

Which MCP primitive is the most appropriate for exposing a company's product documentation to Claude so it can answer customer questions?

• A. Tool — to allow Claude to query the documentation dynamically
• B. Resource — documentation is a read-only data source identified by URI that Claude can fetch directly
• C. Prompt — documentation should be embedded as a prompt template
• D. Sampling — documentation retrieval should be handled by the server-side LLM

When should an MCP server return an error response versus returning an empty result set?

• A. Always return an error for any unexpected condition
• B. Return an error when the tool invocation itself failed (auth error, network error, invalid parameters); return an empty result set when the query succeeded but found no matching data
• C. Always return an empty result set to avoid Claude interpreting errors as task failures
• D. Return errors only for 5xx HTTP responses; treat 4xx errors as empty results

A security audit finds that an MCP server is passing raw user input directly into database queries. What attack does this create, and what is the correct fix?

• A. Prompt injection — fix by sanitising the MCP server's tool descriptions
• B. SQL injection (and potentially prompt injection) — fix by using parameterised queries and validating/sanitising all inputs at the MCP server boundary before they reach downstream systems
• C. CSRF — fix by implementing CORS headers on the MCP server
• D. Token leakage — fix by encrypting the tool results before returning to Claude

An engineering team wants Claude Code to always run their test suite before committing any code changes. What is the correct way to enforce this?

• A. Add "Always run tests before committing" to the CLAUDE.md file
• B. Configure a post_tool_use hook that triggers the test suite whenever Claude Code uses a write or edit tool, and a PreCommit hook in the git configuration
• C. Create a Claude Code Skill that wraps all file edits with test execution
• D. Set the claude_code_commit_policy environment variable to "test_required"

What is the primary purpose of a CLAUDE.md file placed in the root of a repository?

• A. To store Claude's memory between sessions
• B. To provide project-specific context, conventions, and instructions that Claude Code automatically reads when opening that repository
• C. To configure Claude Code's API authentication for that repository
• D. To define which files Claude Code is not allowed to modify

A large enterprise wants to deploy Claude Code across 500 developers and ensure consistent code review standards. What is the most scalable way to enforce company-wide coding conventions?

• A. Train each developer to write their own CLAUDE.md files
• B. Create a shared CLAUDE.md at the organisation level (in ~/.claude/CLAUDE.md) distributed via the enterprise's developer tooling, combined with project-level CLAUDE.md files for repo-specific conventions
• C. Use Claude Code's Enterprise Dashboard to push system prompts to all developer instances
• D. Require all developers to use the same Claude Code Skill library stored in a shared repository

Claude Code sub-agents are invoked using the Task tool. What is the primary benefit of using sub-agents over having a single Claude Code instance complete the entire task?

• A. Sub-agents have higher rate limits and can process more tokens per minute
• B. Sub-agents run with isolated context windows, preventing context pollution between parallel tasks and enabling larger total work to be distributed across multiple focused instances
• C. Sub-agents can access different file systems than the parent agent
• D. Sub-agents are cheaper because they use Haiku instead of the parent's model

What does Claude Code's "headless mode" enable, and what is it used for in enterprise environments?

• A. Running Claude Code without an internet connection using a locally cached model
• B. Running Claude Code programmatically without an interactive terminal, enabling integration into CI/CD pipelines, scheduled jobs, and automated workflows
• C. Running Claude Code with reduced UI to improve terminal performance on older hardware
• D. Running Claude Code in read-only mode for code review without allowing file modifications

A developer notices that Claude Code occasionally modifies files outside the intended project directory. What configuration prevents this?

• A. Set the CLAUDE_SAFE_MODE=true environment variable
• B. Configure the allowedPaths setting in the Claude Code configuration to restrict file operations to specific directories
• C. Add a NEVER_MODIFY section to the CLAUDE.md file listing restricted paths
• D. Use the --sandbox flag when starting Claude Code

Which of the following is a valid use case for Claude Code Skills?

• A. Storing persistent data between Claude Code sessions
• B. Packaging reusable, multi-step workflows (e.g. "create a new microservice", "run a security audit") that can be invoked as slash commands and shared across teams
• C. Upgrading Claude Code to access newer model capabilities
• D. Configuring network proxy settings for Claude Code API calls

An enterprise is considering Claude Code for legacy Java codebase modernisation. The codebase is 2 million lines across 400 repositories. What is the recommended architectural approach?

• A. Run a single Claude Code session against all 400 repositories simultaneously
• B. Use Claude Code in headless mode with repository-by-repository processing, coordinated by a CI/CD pipeline that manages batching, dependency ordering, and rollback
• C. Use the Batch API to pre-process all repositories before involving Claude Code
• D. Limit Claude Code to read-only analysis mode, with human developers implementing all changes

What happens when a Claude Code hook exits with a non-zero exit code?

• A. Claude Code displays a warning but continues execution
• B. Claude Code treats the hook failure as a signal to halt the current action — for pre-tool hooks, this blocks the tool execution; for post-tool hooks, this flags the result for review
• C. Claude Code automatically retries the hook up to three times
• D. Claude Code switches to a fallback command defined in the hook configuration

An enterprise security policy requires that Claude Code never executes shell commands that contact external networks. How is this enforced?

• A. Add "Never run network commands" to CLAUDE.md
• B. Implement a pre-tool Bash hook that inspects the command string and blocks commands containing network utilities (curl, wget, nc, etc.) before execution
• C. Configure the network proxy to block Claude Code's outbound connections
• D. Use the --no-network flag when starting Claude Code

In a multi-agent Claude system, what is the primary role of the orchestrator agent?

• A. To execute all tool calls on behalf of the worker agents
• B. To decompose complex tasks into subtasks, route them to specialised worker agents, and synthesise their results into a coherent output
• C. To monitor worker agents for safety violations and shut them down if needed
• D. To manage the context window of all worker agents simultaneously

An agentic Claude system is designed to autonomously process incoming purchase orders and update inventory. What is the most critical safety design principle to apply?

• A. Use extended thinking to ensure Claude reasons carefully before each action
• B. Design for minimal footprint: grant only the permissions required for specific tasks, make irreversible actions (inventory writes, order confirmations) require human approval above defined thresholds
• C. Route all actions through Opus to maximise decision quality
• D. Implement retry logic so the agent can recover from failed actions autonomously

A Claude agent is running an agentic loop and encounters an ambiguous situation not covered by its instructions. What is the correct behaviour according to Anthropic's agentic design principles?

• A. Make a best-effort decision and continue to avoid interrupting the user
• B. Pause and ask the user for clarification before proceeding, or if unable to pause, abort and report the ambiguity
• C. Use extended thinking to resolve the ambiguity independently
• D. Default to the most conservative possible action

What is a "prompt injection attack" in the context of Claude agents, and what is the primary defence?

• A. When an attacker sends too many requests to exhaust Claude's context window; defend with rate limiting
• B. When malicious instructions embedded in external content (emails, documents, web pages) attempt to hijack Claude's actions; defend with clear separation of trusted instructions and untrusted content, and validating actions against the original user intent
• C. When a user crafts a prompt that causes Claude to reveal its system prompt; defend with output screening
• D. When SQL injection is executed via a Claude tool call; defend with parameterised queries

In a Claude Agent SDK implementation, when should you use parallel agent execution versus sequential execution?

• A. Always use parallel execution to minimise total wall-clock time
• B. Use parallel execution for independent subtasks with no data dependencies; use sequential execution when later tasks depend on the output of earlier tasks
• C. Use sequential execution for all agent workflows to prevent race conditions
• D. Use parallel execution only when each agent calls different tools

What mechanism does the Claude Agent SDK provide for parent agents to receive results from sub-agents?

• A. Shared memory accessible to all agents in the system
• B. A message queue that buffers sub-agent outputs
• C. The sub-agent's return value is passed back to the parent agent as the result of the Task tool call that spawned it
• D. Sub-agents write results to a designated file that the parent agent polls

An enterprise wants to implement an AI agent that can book calendar appointments on behalf of employees. What human oversight mechanism is most appropriate for this use case?

• A. No oversight — calendar booking is low-risk enough for full autonomy
• B. Show the user a summary of the proposed booking (attendees, time, location) for confirmation before the agent calls the Calendar API
• C. Log all bookings to an audit trail that managers can review weekly
• D. Require IT approval for each booking request

Claude's extended thinking feature is most valuable in an agentic context for which type of task?

• A. High-volume, repetitive classification tasks requiring consistent output
• B. Complex, multi-step reasoning tasks where the agent must evaluate competing options, weigh risks, and arrive at a well-justified decision before taking action
• C. Real-time streaming responses where latency is the primary constraint
• D. Tasks requiring memory of previous conversation turns

An agent is executing a 20-step workflow when it encounters an error at step 14. What is the correct design for handling this in a production agentic system?

• A. Restart the entire workflow from step 1
• B. Design the workflow with checkpointing so the agent can resume from the last successful step, and implement compensating transactions to reverse any irreversible actions taken before the error
• C. Mark the workflow as failed and require the user to restart it manually
• D. Have the agent skip the failed step and attempt to complete the remaining steps

What distinguishes a "router" pattern from an "orchestrator" pattern in multi-agent architectures?

• A. Routers use Claude; orchestrators use traditional code
• B. A router directs a request to a single specialist agent based on classification; an orchestrator coordinates multiple agents working together on a complex task, synthesising their outputs
• C. Routers are stateless; orchestrators maintain state across agent calls
• D. Routers are faster; orchestrators are more accurate

A healthcare organisation wants to deploy Claude Enterprise for clinical documentation. What is the first compliance question they must resolve before deployment?

• A. Whether Claude's response quality meets clinical accuracy standards
• B. Whether Anthropic's data processing terms are compatible with their HIPAA Business Associate Agreement obligations, and whether PHI will be included in API requests
• C. Whether Claude supports HL7 FHIR format for data exchange
• D. Whether Claude Enterprise supports the clinical terminology (ICD-10, SNOMED) used by their EHR system

What does Claude Enterprise's "zero data retention" policy mean in practice for enterprise deployments?

• A. Anthropic deletes all training data related to the organisation upon contract termination
• B. Conversation inputs and outputs are not retained by Anthropic after the API response is delivered, and are not used to train future models
• C. The organisation's Claude deployment stores no data locally
• D. Claude does not access any external data sources during inference

An enterprise's IT security team requires that all Claude API calls originate from a specific IP range. What is the correct way to enforce this?

• A. Configure Claude Enterprise's IP allowlist in the Admin Dashboard
• B. Route all Claude API calls through a corporate egress proxy or API gateway that enforces the IP policy at the network layer
• C. Include the corporate IP range in the system prompt so Claude can verify the source
• D. Use an API key scoped to the specific IP range

Which SSO protocol does Claude Enterprise support for enterprise identity integration?

• A. LDAP only
• B. OAuth 2.0 only
• C. SAML 2.0 (for SSO) and SCIM (for automated user provisioning and deprovisioning)
• D. Kerberos and Active Directory native integration

An enterprise CISO asks: "How do we prevent employees from using Claude to exfiltrate confidential documents by pasting them into conversations?" What is the most architecturally sound response?

• A. Trust Claude's Constitutional AI training to refuse to process confidential data
• B. Implement DLP controls at the network/endpoint layer that scan Claude Cowork traffic, classify sensitive data, and block or alert on policy violations; supplement with Claude Enterprise's admin controls and usage monitoring
• C. Restrict Claude Enterprise to read-only mode so it cannot take action on pasted content
• D. Require all employees to sign an acceptable use policy before accessing Claude

A regulated financial institution requires that their Claude deployment data is processed only within EU data centres to comply with GDPR data residency requirements. What should they verify?

• A. That their Anthropic account is registered to an EU billing address
• B. That Anthropic's enterprise offering supports EU data residency, review their DPA (Data Processing Agreement) to confirm processing locations, and confirm that prompt and response data does not transit outside the EEA
• C. That they use Claude models hosted on AWS eu-west-1
• D. That their API calls use TLS 1.3 for EU-compliant encryption

An enterprise is building an AI governance policy for Claude deployments. Which of the following is the most important element to include?

• A. A list of approved Claude model versions to prevent unauthorised upgrades
• B. A use case classification framework that categorises Claude use cases by risk level, with different approval, oversight, and audit requirements for each risk tier
• C. A requirement that all Claude outputs be reviewed by a human before being acted upon
• D. A vendor diversification policy requiring at least two AI providers

Claude Enterprise's Admin Console allows workspace administrators to set "allowed domains" for Claude Cowork. What does this control?

• A. The external websites Claude can browse during conversations
• B. The email domains that can be used to create accounts in the organisation's Claude Enterprise workspace, preventing external users from joining the corporate deployment
• C. The domains of external APIs that MCP servers can connect to
• D. The corporate domains that Claude can reference when generating content

A company deploys Claude for employee productivity. Three months later, an employee's account is compromised. What Claude Enterprise control minimises the blast radius?

• A. Requiring 2FA for all Claude logins
• B. Role-based access controls (RBAC) limiting each user to only the Claude features and connected data sources relevant to their job function, combined with SCIM for immediate account deprovisioning
• C. Claude's Constitutional AI training prevents misuse even from compromised accounts
• D. Logging all conversations so post-incident forensics can identify the damage

An organisation is evaluating whether to use Claude Enterprise (SaaS) or deploy Claude through AWS Bedrock. What is the primary technical differentiator that would lead a security-conscious enterprise to choose Bedrock?

• A. Bedrock provides access to newer Claude model versions before they are available on Claude Enterprise
• B. AWS Bedrock enables the enterprise to process Claude API calls within their existing AWS VPC, apply AWS IAM permissions, use AWS CloudTrail for audit logging, and keep data within their existing AWS data governance boundary
• C. Bedrock is significantly cheaper than Claude Enterprise for high-volume workloads
• D. Bedrock supports more Claude model variants than the direct API