1. Home
  2. PCI SSC
  3. No Cert Assigned
  4. CPSA
  5. Card Production Security Assessor (CPSA)Qualification Exam Questions and Answers

Pass the PCI SSC No Cert Assigned CPSA Questions and answers with CertsForce

 PCI SSC Exams      Go to Exam Detail      Get Premium Access
Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions
Questions # 1:

A vendor is unsure which forms are needed to complete an assessment. Who should they ask?

Options:
A.

Assessor

B.

Issuing banks

C.

Payment brands

D.

PCI SSC

Questions # 2:

The receptionist responsible for the entrance and departure of visitors must have which of the following?

Options:
A.

A shredder for the destruction of disposable visitor badges

B.

A constant, open communication channel with a guard

C.

An unobstructed view of the reception area at all times

D.

A means of communicating directly with the visitor while on the premises

Questions # 3:

A vendor uses codes from a chip manufacturer to ‘unlock’ chips and prepare them for use by adding applications and keys. Which of the following best describes this process?

Options:
A.

Data creation

B.

Data preparation

C.

Manufacture

D.

Pre-personalization

Questions # 4:

During an assessment you walk the perimeter of the building with a guard you find an emergency exit door from the facility and ask the guard what is on the other side. The guard can’t remember, and so uses their assigned, secure key to open the door and show you a corridor within the facility. What most concerns you about the situation?

Options:
A.

The exit door should not lead into the facility

B.

The exit door should not be capable of being opened from the outside

C.

The guard should not have forgotten where the door leads to

D.

The guard should have sought permission from their manager before opening the door

Questions # 5:

An assessor is unsure if log review and interview is sufficient testing for a requirement. Who can best answer this question?

Options:
A.

Payment brands

B.

Issuing banks

C.

Vendor

D.

PCI SSC

Questions # 6:

Before you go on-site, the vendor’s primary contact communicates a legitimate reason for delaying the assessment for several months. Who can approve the change in the report delivery schedule?

Options:
A.

Vendor senior management

B.

Payment brands

C.

Affected issuers

D.

PCI SSC

Questions # 7:

An assessor must provide which of the following to their client at the start of every assessment?

Options:
A.

CPSA Feedback Form

B.

Quality Assurance Manual

C.

Attestation of Compliance

D.

Vendor Release Agreement

Questions # 8:

Who is required to approve visitor entry to the HSA or cloud-based provisioning environment?

Options:
A.

The head of the vendor facility

B.

The Security Manager

C.

Both the Security Manager and the Production Manager

D.

The Security Manager, Production Manager, and the head of the vendor facility

Questions # 9:

How frequently must alarms on external doors of a card production and provisioning vendor environment be tested?

Options:
A.

Every day

B.

Every week

C.

Every month

D.

Every 3 months

Questions # 10:

Which of the following personnel changes must result in the vendor notifying the Vendor Program Administration (VPA)?

Options:
A.

Adding additional rights to someone’s role to give them access to the mam production vault

B.

Any change to a role that directly affects the security of card products and related components

C.

Hiring someone that will directly interact with the card issuers

D.

Promoting someone to senior management level

Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions