PCI CPSA Exam Questions Instant Access - No Installation Required

Question 1

A cardholder wants to make purchases using their phone, so they have their cardholder information programmed into their SIM card using their mobile phone provider. Which of the following best describes this system?

ACard personalization

BHost Card Emulation (HCE) provisioning

CSecure Element (SE) provisioning

DOver-the-air (OTA) provisioning

Answer : B

Question 2

In relation to guards, which of the following must the vendor ensure?

AA clear segregation of duties is maintained between production staff and guards

BA clear segregation of duties is maintained between guard and reception related job functions

CThere is always at least one guard on-site, including outside of working hours, to monitor security systems and premises

DThere is always at least one guard in the HSA and one guard in the security control room at all times

Answer : C

Question 3

A vendor hosts virtual secure elements holding cardholder information in their data center. When a cardholder makes a purchase, the vendor creates a payment token which is sent to the cardholder's mobile device. Which of the following best describes the vendor's activities?

ACard personalization

BHost Card Emulation (HCE) provisioning

CSecure Element (SE) provisioning

DOver-the-air (OTA) provisioning

Answer : C

Question 4

Which of the following principles must be enforce by the HSA Access Control system?

ADual control

BDual presence

CDual control and dual presence

DDual guard entry when required

Answer : C

Question 5

After reviewing their completed ROC and AOC, which state that they are compliant, the vendor wishes to be listed on PCI SSC's list of Compliant Card Vendors. How should you assist them with the listing process?

ASubmit the full ROC to PCI SSC

BSubmit only the AOC to PCI SSC

CInform the vendor that PCI SSC does not list compliant vendors

DInform the vendor that they must request a listing via the payment brand(s) that received their ROC

Answer : D

Question 6

How frequently must alarms on external doors of a card production and provisioning vendor environment be tested?

AEvery day

BEvery week

CEvery month

DEvery 3 months

Answer : D

Question 7

A card production vendor employs a contracted guard service from an outside source. What is one of the responsibilities of the contracted service?

AProvide only certified guards

BRegister their service with the VPA

CMaintain their own liability insurance in case of losses to card material

DUndergo their own Card Production assessment and provide evidence of a passing result

Answer : C

PCI Card Production Security Assessor (CPSA) Qualification CPSA Exam Questions