PCI SSC CPSA_P_New - Card Production Security Assessor CPSA Physical New Exam
A vendor hosts virtual secure elements holding cardholder information in their data center. When a cardholder makes a purchase, the vendor creates a payment token which is sent to the cardholder’s mobile device. Which of the following best describes the vendor’s activities?
Before you go on-site, the vendor’s primary contact communicates a legitimate reason for delaying the assessment for several months. Who can approve the change in the report delivery schedule?
Which of the following best describes a Technical FAQ?
A vendor receives cardholder information and keys from a bank. The vendor then performs the following:
* Uses its HSM to create keys
* Creates cardholder information specific to each cardholder, including name and PAN
* Formats the data for the hardware that will put it on a card
* Writes it to an encrypted file
Which of the following best describes this process?
A card production vendor employs a contracted guard service from an outside source. What is one of the responsibilities of the contracted service?
A vendor is unsure which forms are needed to complete an assessment. Who should they ask?
To liberate a person detected inside of the inner shipping delivery room and stop the alarm, the software monitoring the access-control system must only allow the opening of which door?
During an assessment, you ask to see employee records for employees with access to the HSA. The records include information about the screening process, including background information from the employee application process. The oldest background information that is available is for an employee who left the vendor (terminated their contract) one year previously. You note this as non-compliant. Why?
For each requirement listed in a ROC, which types of findings must have a full narrative response?
Which of the following statements is true in relation to visitor access badges?