
PCI SSC CPSA_P_New - Card Production Security Assessor CPSA Physical New Exam

Total 50 questions

A vendor hosts virtual secure elements holding cardholder information in their data center. When a cardholder makes a purchase, the vendor creates a payment token which is sent to the cardholder’s mobile device. Which of the following best describes the vendor’s activities?

A. Card personalization

B. Host Card Emulation (HCE) provisioning

C. Secure Element (SE) provisioning

D. Over-the-air (OTA) provisioning

Before you go on-site, the vendor’s primary contact communicates a legitimate reason for delaying the assessment for several months. Who can approve the change in the report delivery schedule?

A. Vendor senior management

B. Payment brands

C. Affected issuers

D. PCI SSC

Which of the following best describes a Technical FAQ?

A. Technical FAQs only apply to the specific technology as the FAQ defines it

B. Technical FAQs can be submitted to PCI SSC at any time

C. Use of the Technical FAQs is mandatory, they shall be used during an assessment

D. Use of the Technical FAQs is optional, they are considered guidance

A vendor receives cardholder information and keys from a bank. The vendor then performs the following:

* Uses its HSM to create keys

* Creates cardholder information specific to each cardholder, including name and PAN

* Formats the data for the hardware that will put it on a card

* Writes it to an encrypted file

Which of the following best describes this process?

A. Data creation

B. Data preparation

C. Manufacture

D. Pre-personalization

A card production vendor employs a contracted guard service from an outside source. What is one of the responsibilities of the contracted service?

A. Provide only certified guards

B. Register their service with the VPA

C. Maintain their own liability insurance in case of losses to card material

D. Undergo their own Card Production assessment and provide evidence of a passing result

A vendor is unsure which forms are needed to complete an assessment. Who should they ask?

A. Assessor

B. Issuing banks

C. Payment brands

D. PCI SSC

To liberate a person detected inside of the inner shipping delivery room and stop the alarm, the software monitoring the access-control system must only allow the opening of which door?

A. The external facing door

B. The internal facing door

C. The last activated door

D. The least secure door

During an assessment you ask to see employee records for employees with access to the HSA. The records include information about the screening process, including background information from the employee application process. The oldest background information that is available is for an employee that left the vendor (terminated their contract) one year previously. You note this as non-compliant. Why?

A. Employee information, including background checks, must be stored for at least seven years

B. Employee information must be securely destroyed (e.g. securely wiped) within 2 years (after termination of contract)

C. The vendor must retain the background information for at least 18 months after termination of contract

D. The vendor must only retain background information for all current employees, not for those that have been terminated

For each requirement listed in a ROC, which types of findings must have a full narrative response?

A. All types of findings

B. Non-compliant findings only

C. New or Closed findings only

D. All types except Not Applicable findings

Which of the following statements is true in relation to visitor access badges?

A. Each visitor entering the facility must be issued and must visibly wear a disposable ID badge that identifies them as a non-employee

B. Each visitor entering the facility must wear their issued access badge above waist height

C. Badges with access-controls must not be issued to visitors

D. Unissued visitor access badges must be securely stored