
CPSA_P_New: Card Production Security Assessor CPSA Physical New Exam Questions and Answers

Question 4

When must HSA motion detectors generate an alarm event?

Options:

A. Each time movement is detected
B. Each time movement is detected outside of regular business hours
C. Each time movement is detected and the access-control system indicates the room is occupied
D. Each time movement is detected and the access-control system indicates the room is not occupied

Question 5

A CPSA Company has submitted multiple reports that are incomplete and do not contain the information described in the reporting instructions. Which of the following are possible outcomes?

Options:

A. They may be put into remediation or revoked by the applicable payment brands
B. They may be put into remediation or revoked by PCI SSC
C. They may be fined by the applicable payment brands
D. They may be fined by PCI SSC

Question 6

During an assessment you do a walk-through of bringing card products into the HSA using the goods-tools trap. You act as production staff, using an empty cardboard box as the card products. During the process, the guard escorts you, along with the box, into the pre-press room. What is your conclusion?

Options:

A. Compliant, because the guard escorted you
B. Compliant, because the guard ensured that the card product remained under dual control
C. Not compliant, because an inventory of the card product did not take place prior to entry
D. Not compliant, because the guard escorted you

Question 7

Which of the following must be used by the vendor to protect doors that provide access to buildings containing air conditioning equipment?

Options:

A. Security tape that will leave an observable trace each time a door is opened
B. Electrical contacts that log each open and close event to a secure system memory
C. Magnetic contacts that are permanently alarmed and that are connected to the security control-room panels
D. Physical locks with a limited set of keys under constant supervision by a guard in the security control-room

Question 8

In relation to guards, which of the following must the vendor ensure?

Options:

A. A clear segregation of duties is maintained between production staff and guards
B. A clear segregation of duties is maintained between guard and reception related job functions
C. There is always at least one guard on-site, including outside of working hours, to monitor security systems and premises
D. There is always at least one guard in the HSA and one guard in the security control room at all times

Question 9

For how long must a CPSA Company maintain workpapers and technical information obtained during an assessment?

Options:

A. Until each applicable payment brand has accepted (and signed off) the ROC and AOC
B. As long as the entity under assessment is a client of the CPSA Company
C. 3 years
D. 1 year

Question 10

A vendor receives cardholder information and keys from a bank. The vendor then performs the following:

* Uses its HSM to create keys
* Creates cardholder information specific to each cardholder, including name and PAN
* Formats the data for the hardware that will put it on a card
* Writes it to an encrypted file

Which of the following best describes this process?

Options:

A. Data creation
B. Data preparation
C. Manufacture
D. Pre-personalization

Question 11

To liberate a person detected inside of the inner shipping delivery room and stop the alarm, the software monitoring the access-control system must only allow the opening of which door?

Options:

A. The external facing door
B. The internal facing door
C. The last activated door
D. The least secure door

Question 12

After reviewing their completed ROC and AOC, which state that they are compliant, the vendor wishes to be listed on PCI SSC’s list of Compliant Card Vendors. How should you assist them with the listing process?

Options:

A. Submit the full ROC to PCI SSC
B. Submit only the AOC to PCI SSC
C. Inform the vendor that PCI SSC does not list compliant vendors
D. Inform the vendor that they must request a listing via the payment brand(s) that received their ROC

Question 13

For each requirement listed in a ROC, which types of findings must have a full narrative response?

Options:

A. All types of findings
B. Non-compliant findings only
C. New or Closed findings only
D. All types except Not Applicable findings

Question 14

A vendor hosts virtual secure elements holding cardholder information in their data center. When a cardholder makes a purchase, the vendor creates a payment token which is sent to the cardholder’s mobile device. Which of the following best describes the vendor’s activities?

Options:

A. Card personalization
B. Host Card Emulation (HCE) provisioning
C. Secure Element (SE) provisioning
D. Over-the-air (OTA) provisioning

Question 15

An assessor is unsure if log review and interview is sufficient testing for a requirement. Who can best answer this question?

Options:

A. Payment brands
B. Issuing banks
C. Vendor
D. PCI SSC

Exam Code: CPSA_P_New
Exam Name: Card Production Security Assessor CPSA Physical New Exam
Last Update: Dec 21, 2024
Questions: 50
