New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > PCI SSC > PCI SSC Certification > CPSA_P_New

CPSA_P_New Card Production Security AssessorCPSA Physical NewExam Question and Answers

Question # 4

An assessor is unsure if log review and interview is sufficient testing for a requirement. Who can best answer this question?

A.

Payment brands

B.

Issuing banks

C.

Vendor

D.

PCI SSC

Full Access
Question # 5

To liberate a person detected inside of the inner shipping delivery room and stop the alarm, the software monitoring the access-control system must only allow the opening of which door?

A.

The external facing door

B.

The internal facing door

C.

The last activated door

D.

The least secure door

Full Access
Question # 6

A vendor hosts virtual secure elements holding cardholder information in their data center. When a cardholder makes a purchase, the vendor creates a payment token which is sent to the cardholder’s mobile device. Which of the following best describes the vendor’s activities?

A.

Card personalization

B.

Host Card Emulation (HCE) provisioning

C.

Secure Element (SE) provisioning

D.

Over-the-air (OTA) provisioning

Full Access
Question # 7

A CPSA Company has submitted multiple reports that are incomplete and do not contain the information described in the reporting instructions. Which of the following are possible outcomes?

A.

They may be put into remediation or revoked by the applicable payment brands

B.

They may be put into remediation or revoked by PCI SSC

C.

They may be fined by the applicable payment brands

D.

They may be fined by PCI SSC

Full Access
Question # 8

How frequently must alarms on external doors of a card production and provisioning vendor environment be tested?

A.

Every day

B.

Every week

C.

Every month

D.

Every 3 months

Full Access
Question # 9

A vendor wants to know if they will be penalized if their vault is not compliant. Who should they ask?

A.

PCI SSC

B.

Assessor

C.

Issuing banks

D.

Payment brands

Full Access
Question # 10

A vendor puts cardholder information into a chip by sliding a payment card through a machine that programs it and verifies the data. The chip can make contactless transactions. Which of the following best describes the vendor’s activity?

A.

Card personalization

B.

Host Card Emulation (HCE) provisioning

C.

Secure Element (SE) provisioning

D.

Fulfillment

Full Access
Question # 11

Where can misprinted, partially finished cards be shredded?

A.

In any HSA room approved by the security manager

B.

Either in the HSA printing room or destruction room

C.

Only in the HSA destruction room

D.

Either in the HSA destruction room or a loading bay that meets all requirements of a destruction room

Full Access
Question # 12

Which document describes the results of an assessment, and is signed by both the assessor and the vendor executive officer?

A.

Security Assessment Questionnaire (SAQ)

B.

Attestation of Compliance (AOC)

C.

Report on Compliance (ROC)

D.

Letter of Approval (LOA)

Full Access
Question # 13

A vendor’s HSA access is enforced by a security turnstile they have a logical access-control system that ensures anti pass-back. The device is functioning correctly. When must the status of the access change?

A.

Only when an unauthorised badge is presented

B.

Only when the person has successfully completed the access cycle

C.

Upon initial entry of the person into the device, prior to completion of the access cycle

D.

Upon initial presentation of an authorised badge, prior to completion of the access cycle

Full Access
Question # 14

Under which circumstances may boxes containing card stock remain unsealed within the vault?

A.

Where stock from those boxes will be pulled multiple times per day

B.

Where the stock from those boxes will be pulled once at the beginning of production

C.

Always, as long as an accurate inventory is being maintained

D.

This is never permitted

Full Access
Question # 15

You wish to check that you are using the most current version of the Card Production requirements. What should you do?

A.

Have the CPSA Company’s point of contact request the document

B.

Download it from PCI SSC’s Document Library

C.

Email a request for the document to PCI SSC

D.

View it directly via PCI SSC Assessor Portal

Full Access