PCI CPSA Exam Practice Test Instant Access

Question 1

If a vendor plans to terminate an employee, which of these must be done?

AThe employee must be escorted from the premises immediately

BThe employee's locker and desk must be searched prior to termination

CThe Human Resources department must be notified prior to termination

DThe security manager must be notified in writing prior to termination

Answer : C

Question 2

Where can misprinted, partially finished cards be shredded?

AIn any HSA room approved by the security manager

BEither in the HSA printing room or destruction room

COnly in the HSA destruction room

DEither in the HSA destruction room or a loading bay that meets all requirements of a destruction room

Answer : D

Question 3

Before you go on-site, the vendor's primary contact communicates a legitimate reason for delaying the assessment for several months. Who can approve the change in the report delivery schedule?

AVendor senior management

BPayment brands

CAffected issuers

DPCI SSC

Answer : D

Question 4

An assessor must provide which of the following to their client at the start of every assessment?

ACPSA Feedback Form

BQuality Assurance Manual

CAttestation of Compliance

DVendor Release Agreement

Answer : C

Question 5

During an assessment you do a walk-through of bringing card products into the HSA using the goods-tools trap. You act as production staff, using an empty cardboard box as the card products. During the process, the guard escorts you, along with the box, into the pre-press room. What is your conclusion?

ACompliant, because the guard escorted you

BCompliant, because the guard ensured that the card product remained under dual control

CNot compliant, because an inventory of the card product did not take place prior to entry

DNot compliant, because the guard escorted you

Answer : B

Question 6

In which of the following locations must the CCTV and access control servers be located?

AWithin the Security Control Room (SCR)

BWithin a room in the HSA with security controls equivalent to the SCR applied

CWithin the SCR or a room with equivalent security

DWithin the secure server room inside of the HSA

Answer : C

Question 7

For how long must a CPSA Company maintain workpapers and technical information obtained during an assessment?

AUntil each applicable payment brand has accepted (and signed off) the ROC and AOC

BAs long as the entity under assessment is a client of the CPSA Company

C3 years

D1 year

Answer : C

PCI CPSA Card Production Security Assessor (CPSA) Qualification Exam Practice Test