Free CCAS Practice Questions
9 free, exam-style Certified Cryptoasset Anti-Financial Crime Specialist (CCAS) practice questions with answers and
explanations. No signup required. Work through them below, then take the
full free CCAS practice test to study every exam domain.
Question 1
A blockchain analytics analyst applies the common-input-ownership heuristic to cluster wallet addresses in a Bitcoin investigation. Which architectural feature of Bitcoin makes this heuristic possible?
- Bitcoin's Proof of Work consensus requires all participating miners to register wallet addresses publicly with the network before mining
- Bitcoin transactions are fully transparent and permanently record the verified legal identity of every sender on the blockchain
- Bitcoin uses a UTXO model, so multiple inputs in one transaction are assumed to share a common controller
- Bitcoin's account-based ledger automatically links all outbound transactions back to a single originating address
Correct answer: C - Bitcoin uses a UTXO model, so multiple inputs in one transaction are assumed to share a common controller
Question 2
A customer claims that a large Bitcoin deposit consists entirely of coins they personally mined. From an AML risk perspective, how should a compliance officer assess this source-of-funds explanation, all else being equal?
- Lower risk - freshly mined coins have no prior transaction history and cannot carry taint from illicit activity
- Higher risk - mining is frequently associated with organised crime and always warrants Enhanced Due Diligence
- Higher risk - mining pool structures make it impossible to confirm which specific coins belong to any individual miner
- Neutral - mining rewards cannot be independently verified on the blockchain, so no meaningful risk assessment is possible without external documentation from the mining pool operator
Correct answer: A - Lower risk - freshly mined coins have no prior transaction history and cannot carry taint from illicit activity
Question 3
A retail bank launches a service allowing customers to purchase Bitcoin through its mobile app, with the bank holding the private keys on their behalf. Under FATF Recommendation 15, what is the BEST description of the bank's new compliance obligations?
- The bank must obtain a standalone cryptocurrency licence, but its existing AML programme does not need to be updated for this activity
- FATF Recommendation 15 applies only to entities whose sole or primary business is the exchange or transfer of virtual assets; traditional banks are explicitly excluded from its scope
- The bank has no new obligations because it is already subject to comprehensive AML/CFT supervision as a licensed financial institution
- The bank is acting as a VASP for this activity and must extend its AML/CFT controls specifically to its virtual asset services
Correct answer: D - The bank is acting as a VASP for this activity and must extend its AML/CFT controls specifically to its virtual asset services
Question 4
A compliance analyst at a centralised exchange determines that a customer's inbound funds passed through a mixing service before arriving at the exchange. According to the FATF Virtual Assets Red Flag Indicators report, which category does this activity fall under?
- Transaction characteristics, because routing funds through intermediate addresses before arriving at an exchange is a recognised form of layering and structuring
- Business patterns, because the transaction is inconsistent with the expected behaviour of a normal retail exchange customer
- Senders or recipients, because the mixing service constitutes a high-risk counterparty in the transaction chain
- Anonymity, because the customer used a tool specifically designed to obscure the transaction trail
Correct answer: D - Anonymity, because the customer used a tool specifically designed to obscure the transaction trail
Question 5
A VASP's compliance team rates its customer due diligence controls as 50% effective. The organisation's inherent customer risk has been assessed as High based on its product mix and geographic footprint. Which residual risk rating is MOST appropriate?
- Low, because the controls are operational and actively reducing exposure across the affected risk categories
- Medium, because any functioning set of controls will reduce the residual risk rating by at least one full tier from the inherent level
- Critical, because a control effectiveness score below 75% automatically triggers escalation to the highest residual tier
- High, because 50% effectiveness against a High inherent risk still leaves substantial unmitigated exposure
Correct answer: D - High, because 50% effectiveness against a High inherent risk still leaves substantial unmitigated exposure
Question 6
A transaction monitoring alert flags a customer who has submitted 15 separate Bitcoin purchases over 10 days, each valued at $950. The customer's stated purpose is 'personal investment' and no single transaction meets the reporting threshold. What is the MOST appropriate compliance response?
- Take no action - no individual transaction triggers a mandatory filing obligation under the applicable threshold
- Apply enhanced monitoring for 30 days and reassess the account at the end of that period
- File a SAR - the pattern indicates structuring regardless of the individual transaction amounts
- Contact the customer to request a written explanation for their transaction behaviour before deciding whether to escalate to the compliance team
Correct answer: C - File a SAR - the pattern indicates structuring regardless of the individual transaction amounts
Question 7
Under the FATF Travel Rule as applied to virtual asset transfers above USD 1,000, which information must the originating VASP transmit to the beneficiary VASP along with the transaction?
- The originator's wallet balance, account creation date, and transaction velocity over the prior 90 days
- The originator's name and wallet address, and the beneficiary's name and wallet address
- The originator's name, wallet address, and national tax identification number only
- The originator's complete transaction history and a copy of the customer's most recent KYC documentation
Correct answer: B - The originator's name and wallet address, and the beneficiary's name and wallet address
Question 8
A blockchain analytics tool reports that a customer's inbound Bitcoin transaction has 6% indirect exposure to a known darknet marketplace wallet. The direct counterparty is a regulated and licensed exchange. What is the MOST appropriate initial response?
- Review context and apply the organisation's indirect-exposure policy before deciding whether to escalate
- File a SAR immediately - any indirect darknet exposure, regardless of degree or counterparty, constitutes grounds for filing
- Freeze the customer's account and open a full investigation - indirect exposure to darknet activity, even at low percentages, always warrants immediate account suspension pending a senior compliance review
- Take no action - the direct counterparty is a regulated exchange and the indirect figure falls below 10%
Correct answer: A - Review context and apply the organisation's indirect-exposure policy before deciding whether to escalate
Question 9
A compliance officer is drafting a Suspicious Activity Report related to a suspected layering scheme involving Ethereum transactions. Which data element should be included in a crypto-specific SAR that would NOT typically appear in a traditional financial SAR?
- The customer's full legal name, date of birth, and account number
- The transaction hash (TXID) and wallet addresses of the parties involved
- A detailed narrative explanation of why the specific transactions are considered suspicious
- The exact date, time, and approximate fiat-equivalent dollar value of each transaction flagged
Correct answer: B - The transaction hash (TXID) and wallet addresses of the parties involved