PCI SSC CPSA - Card Production Security Assessor (CPSA) Qualification Exam

Total 50 questions

Which of the following best describes a Technical FAQ?

A. Technical FAQs only apply to the specific technology as the FAQ defines it

B. Technical FAQs can be submitted to PCI SSC at any time

C. Use of the Technical FAQs is mandatory, they shall be used during an assessment

D. Use of the Technical FAQs is optional, they are considered guidance

If you have a query about a missing field in the card production reporting template, which organization is best-placed to answer it?

A. The payment brands

B. The vendor

C. The issuer

D. PCI SSC

When must HSA motion detectors generate an alarm event?

A. Each time movement is detected

B. Each time movement is detected outside of regular business hours

C. Each time movement is detected and the access-control system indicates the room is occupied

D. Each time movement is detected and the access-control system indicates the room is not occupied

To liberate a person detected inside of the inner shipping delivery room and stop the alarm, the software monitoring the access-control system must only allow the opening of which door?

A. The external facing door

B. The internal facing door

C. The last activated door

D. The least secure door

Who performs regular AQM audits of CPSA companies?

A. Issuing banks

B. Payment brands

C. PCI SSC

D. Vendor

For how long must a CPSA Company maintain workpapers and technical information obtained during an assessment?

A. Until each applicable payment brand has accepted (and signed off) the ROC and AOC

B. As long as the entity under assessment is a client of the CPSA Company

C. 3 years

D. 1 year

Which of the following statements is true in relation to visitor access badges?

A. Each visitor entering the facility must be issued and must visibly wear a disposable ID badge that identifies them as a non-employee

B. Each visitor entering the facility must wear their issued access badge above waist height

C. Badges with access-controls must not be issued to visitors

D. Unissued visitor access badges must be securely stored

A vendor wants to know if they will be penalized if their vault is not compliant. Who should they ask?

A. PCI SSC

B. Assessor

C. Issuing banks

D. Payment brands

Which of the following personnel changes must result in the vendor notifying the Vendor Program Administration (VPA)?

A. Adding additional rights to someone’s role to give them access to the main production vault

B. Any change to a role that directly affects the security of card products and related components

C. Hiring someone that will directly interact with the card issuers

D. Promoting someone to senior management level

Where can misprinted, partially finished cards be shredded?

A. In any HSA room approved by the security manager

B. Either in the HSA printing room or destruction room

C. Only in the HSA destruction room

D. Either in the HSA destruction room or a loading bay that meets all requirements of a destruction room