Career upgrade: Learn practical AI skills for better jobs and higher pay.
Level up
PracticeVideosBlogFlashcardsEspañol
All Practice Exams

100+ Free CBA Practice Questions

Pass your ASQ Certified Biomedical Auditor exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
Not publicly disclosed Pass Rate
100+ Questions
100% Free
1 / 100
Question 1
Score: 0/0

In ISO 13485:2016, what is the specific requirement regarding the retention period for records?

A
B
C
D
to track
Same family resources

Explore More ASQ Quality Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

ASQ CMQ/OE Manager of Quality

Practice Questions1 blog

CQE Certified Quality Engineer

Practice Questions1 blog

ASQ CQA Certified Quality Auditor

Practice Questions

ASQ CCT Certified Calibration Technician

Practice Questions

ASQ CQI Certified Quality Inspector

Practice Questions

ASQ CQT Certified Quality Technician

Practice Questions

More From This Family

Videos and articles for deeper review.

ArticleCQE Exam Guide 2026: ASQ Certified Quality Engineer Prep11 min readArticleFREE ASQ CMQ/OE Exam Guide 2026: New BoK, Fees, Open Book Plan11 min read
2026 Statistics

Key Facts: CBA Exam

135

Scored Questions

ASQ

4 hours

Exam Time

ASQ

$550

Exam Fee (non-member)

ASQ

5 yrs

Experience Required

ASQ

3 years

Recertification Cycle

ASQ

Open-book

Exam Format

ASQ

The CBA has 135 scored questions in 4 hours (open-book). Covers biomedical QMS auditing across ISO 13485, FDA 21 CFR Part 820 QMSR, risk management, design controls, process validation, sterilization, MDR, and quality statistics.

Sample CBA Practice Questions

Try these sample questions to test your CBA exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1Which of the following BEST describes the primary purpose of a third-party audit?
A.To assess a supplier's quality system on behalf of the purchasing organization
B.To evaluate a company's own processes for internal improvement
C.To provide an independent, impartial assessment of an organization's quality management system
D.To verify that a competitor's products meet regulatory requirements
Explanation: A third-party audit is performed by an organization independent of both the auditing body and the auditee, such as a certification body or regulatory agency. Its hallmark is independence and impartiality, which distinguishes it from first-party (internal) and second-party (supplier/customer) audits. ISO 19011 defines three types of audit based on relationship: first-, second-, and third-party. Exam tip: Remember that third-party = independent certification or regulatory bodies.
2Under ISO 13485:2016, which clause specifically requires the organization to establish and maintain a quality manual?
A.Clause 4.1
B.Clause 4.2.2
C.Clause 5.4
D.Clause 7.1
Explanation: ISO 13485:2016 Clause 4.2.2 requires the organization to establish and maintain a quality manual that includes the scope of the QMS, documented procedures or references to them, and a description of the interaction between QMS processes. This is a documented information requirement unique to ISO 13485 (unlike ISO 9001:2015, which does not mandate a quality manual). Exam tip: ISO 13485 retains many documentation requirements that ISO 9001:2015 relaxed.
3A biomedical auditor discovers that a medical device manufacturer has been implementing changes to device design without updating the Design History File. Which FDA 21 CFR Part 820 section is most directly violated?
A.820.30 — Design Controls
B.820.40 — Document Controls
C.820.80 — Receiving, In-Process, and Finished Device Acceptance
D.820.100 — Corrective and Preventive Action
Explanation: FDA 21 CFR 820.30 Design Controls requires that a Design History File (DHF) be established and maintained for each type of device. The DHF must contain or reference the records necessary to demonstrate that the design was developed in accordance with the approved design plan. Failure to update the DHF when design changes occur is a direct violation of 820.30. Exam tip: DHF = design development records; DMR = production specification; DHR = actual production records.
4Which standard provides the primary framework for conducting medical device quality management system audits, covering audit principles, managing an audit programme, and performing audits?
A.ISO 13485:2016
B.ISO 14971:2019
C.ISO 19011:2018
D.FDA 21 CFR Part 820
Explanation: ISO 19011:2018 provides guidelines for auditing management systems, including audit principles, managing an audit programme, and conducting management system audits. It is the primary auditing guideline referenced for CBA exam purposes. ISO 13485 specifies QMS requirements, ISO 14971 addresses risk management, and FDA 21 CFR Part 820 is a regulatory requirement for device manufacturers. Exam tip: ISO 19011 = HOW to audit; ISO 13485 = WHAT the QMS must contain.
5During a supplier audit, an auditor observes that the supplier's employees are following undocumented procedures that differ from the written SOPs. How should the auditor classify this finding?
A.Observation only, since no regulatory requirement is cited
B.Nonconformance, because actual practice does not conform to documented procedures
C.Opportunity for improvement, because the undocumented practices may be more efficient
D.Minor nonconformance only if the difference creates a product risk
Explanation: A nonconformance exists when there is a failure to fulfill a stated requirement. When employees deviate from documented procedures, the actual practice does not conform to the QMS requirement regardless of product outcome. ISO 13485:2016 and FDA 21 CFR Part 820 both require that procedures be followed. The auditor does not need product risk evidence to classify this as a nonconformance. Exam tip: Classify based on the requirement violated, not on outcome risk.
6Under FDA 21 CFR Part 803 (Medical Device Reporting), a manufacturer must submit a MDR report to FDA within how many days of becoming aware of information reasonably suggesting that a device caused or contributed to a serious injury?
A.5 working days
B.15 working days
C.30 calendar days
D.60 calendar days
Explanation: FDA 21 CFR Part 803.50 requires manufacturers to submit a malfunction report or serious injury report to FDA within 30 calendar days of becoming aware. However, for serious injury reports, the correct regulatory deadline is 30 calendar days. Note: 5 working days applies to events that require remedial action to prevent an unreasonable risk of substantial harm. Exam tip: Know the two MDR deadlines — 30 days (serious injury/malfunction) and 5 working days (immediate hazard).
7Which element is NOT required to be included in an audit plan according to ISO 19011:2018?
A.The audit objectives, scope, and criteria
B.The locations, dates, and expected duration
C.The names of the auditee's senior management team
D.The roles and responsibilities of the audit team members
Explanation: ISO 19011:2018 Clause 6.3.2 lists the content required in an audit plan, including objectives, scope, criteria, locations, dates, duration, and audit team roles. The names of auditee senior management are not a required audit plan element. Audit planning focuses on logistics and audit design, not on identifying specific auditee personnel by name. Exam tip: Know the 10+ elements of an audit plan from ISO 19011 Clause 6.3.2.
8ISO 14971:2019 defines risk as which of the following?
A.The probability that a hazard will occur
B.The combination of the probability of occurrence of harm and the severity of that harm
C.The severity of injury to a patient caused by a device failure
D.The likelihood that a hazard will be detected before reaching the patient
Explanation: ISO 14971:2019 defines risk as the combination of the probability of occurrence of harm and the severity of that harm (Clause 3.27). This two-dimensional definition is fundamental to the risk management process for medical devices. Probability alone or severity alone does not constitute risk under this standard. Exam tip: Risk = Probability × Severity; Hazardous Situation sits between Hazard and Harm in the sequence.
9During an audit opening meeting, the lead auditor's primary objective is to:
A.Review audit findings and obtain auditee agreement on nonconformances
B.Introduce the audit team, confirm scope and objectives, and explain the audit process
C.Collect objective evidence and conduct interviews with process owners
D.Present the draft audit report and allow auditee rebuttal
Explanation: The opening meeting is the formal start of the audit execution phase. Its primary purposes are to introduce the audit team, confirm the audit scope and objectives, describe the audit methodology, establish communication channels, and address any administrative matters. Evidence collection, interviews, and reporting occur later in the audit process. Exam tip: Opening = introductions + logistics; Exit/closing = findings summary.
10Under FDA 21 CFR Part 820.100, which CAPA element requires that the effectiveness of the corrective action be confirmed before the CAPA is closed?
A.Analyzing the source of the problem
B.Verification or validation of corrective action
C.Implementing and recording changes to methods and procedures
D.Disseminating information related to quality problems
Explanation: FDA 21 CFR 820.100(a)(4) requires verifying or validating corrective and preventive actions to ensure that such actions are effective and do not adversely affect the finished device. This verification step confirms the root cause has been addressed and the problem has not recurred before the CAPA can be closed. Exam tip: CAPA cannot be closed without documented effectiveness verification — a frequent audit finding.

About the CBA Exam

The ASQ Certified Biomedical Auditor (CBA) validates expertise in auditing medical device quality management systems against ISO 13485, FDA 21 CFR Part 820 (QMSR), and related biomedical regulations. CBAs plan, conduct, and report audits of biomedical systems and assess conformance with international standards including ISO 14971 and ISO 10993.

Questions

135 scored questions

Time Limit

4 hours

Passing Score

ASQ scaled scoring; cut score not publicly disclosed

Exam Fee

$450 (members) / $550 (non-members) (American Society for Quality (ASQ))

CBA Exam Content Outline

11%

Auditing Fundamentals

Audit types (first/second/third-party, system/process/product), roles, ethics, legal and professional issues

22%

Auditing and Inspection Processes

Audit planning, documentation, strategies, opening/closing meetings, evidence collection, nonconformance classification, reporting, CAPA follow-up

30%

Biomedical QMS Regulations

ISO 13485, FDA 21 CFR Part 820 (QMSR), design controls, management controls, document/change control, purchasing, production, postmarket surveillance (MDR Part 803, corrections Part 806, electronic records Part 11)

22%

Technical Knowledge

Risk management (ISO 14971), process validation (IQ/OQ/PQ), sterilization (ISO 11135/11137), biocompatibility (ISO 10993), software validation, laboratory testing, EU MDR awareness

15%

Quality Tools and Techniques

Statistical sampling (AQL/Z1.4/Z1.9), process capability (Cp/Cpk), Pareto, fishbone, scatter diagrams, cost of quality

How to Pass the CBA Exam

What You Need to Know

  • Passing score: ASQ scaled scoring; cut score not publicly disclosed
  • Exam length: 135 questions
  • Time limit: 4 hours
  • Exam fee: $450 (members) / $550 (non-members)

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

CBA Study Tips from Top Performers

1Bring tabbed reference copies of ISO 13485:2016, FDA 21 CFR Part 820, ISO 14971:2019, and ISO 19011:2018
2Know the FDA 21 CFR Part 820 QMSR section numbers — 820.30 (Design), 820.50 (Purchasing), 820.100 (CAPA), 820.198 (Complaints)
3Understand the ISO 14971 risk control hierarchy: inherent safety by design → protective measures → information for safety
4Distinguish design verification (outputs meet inputs) from design validation (device meets user needs)
5Know MDR reporting timelines: 30 calendar days for serious injury/malfunction; 5 working days for events requiring immediate remedial action

Frequently Asked Questions

How many questions are on the CBA exam?

The CBA has 135 scored questions in a 4-hour exam window (145 total for CBT, including 10 unscored pretest items). It is open-book.

What are the eligibility requirements for the CBA?

5 years of full-time paid work experience in CBA BoK areas, with 1 year in a decision-making position. Degree holders may receive partial experience waivers.

What standards should I study for the CBA?

Focus on ISO 13485:2016, FDA 21 CFR Part 820 (QMSR), ISO 14971 (risk management), ISO 19011 (auditing), ISO 10993 (biocompatibility), and the MDR/corrections regulations (Parts 803 and 806).

Is the CBA exam open-book?

Yes, the CBA is an open-book exam. Bring tabbed, organized reference materials — ISO 13485, FDA 21 CFR Part 820, ISO 14971, and ISO 19011 are the most commonly needed references.