Q50 of 60 — CCA Practice Exam

Claude Code for Continuous Integration

Your CI pipeline uses Claude Code to perform dependency vulnerability research across 40+ microservices. Each nightly run takes a single Claude session to scan all services, cross-reference CVE databases, and produce a consolidated security report. You observe that reports generated in the final 20% of the run systematically miss known vulnerabilities that were correctly flagged in earlier services — but the logs show Claude did find the relevant CVE data mid-session. What architectural change would most reliably prevent this information loss?

A. Increase the token budget for the session so Claude has enough context to retain CVE findings from early services all the way through to the final consolidated report.

B. After each service scan, have Claude write structured research notes (CVE findings, confidence levels, service status) to a persisted file, then start a fresh context window that loads those notes before continuing.

C. Add a system prompt instruction telling Claude to explicitly prioritize retaining vulnerability findings from earlier services and to cross-reference all of them before writing the final consolidated security report.

D. Run a dedicated second Claude pass over the completed report to catch any missed vulnerabilities, supplying the original CVE database records as reference input for that review pass.