PCI CPSA Exam Practice Test Instant Access

Question 1

A vendor hosts virtual secure elements holding cardholder information in their data center. When a cardholder makes a purchase, the vendor creates a payment token which is sent to the cardholder's mobile device. Which of the following best describes the vendor's activities?

ACard personalization

BHost Card Emulation (HCE) provisioning

CSecure Element (SE) provisioning

DOver-the-air (OTA) provisioning

Answer : C

Question 2

Which of the following personnel changes must result in the vendor notifying the Vendor Program Administration (VPA)?

AAdding additional rights to someone's role to give them access to the mam production vault

BAny change to a role that directly affects the security of card products and related components

CHiring someone that will directly interact with the card issuers

DPromoting someone to senior management level

Answer : B

Question 3

Which of the following statements is true in relation to visitor access badges?

AEach visitor entering the facility must be issued and must visibly wear a disposable ID badge that identifies them as a non-employee

BEach visitor entering the facility must wear their issued access badge above waist height

CBadges with access-controls must not be issued to visitors

DUnissued visitor access badges must be securely stored

Answer : A

Question 4

Which of the following statements is true about the facility's non-emergency exits?

AThey must be contact-alarm monitored only when card production activities are taking place

BThey must be configured to prevent staff tailgating

CThey may be left unlocked when a guard is present

DThey must be fitted with biometric access-control devices

Answer : B

Question 5

The receptionist responsible for the entrance and departure of visitors must have which of the following?

AA shredder for the destruction of disposable visitor badges

BA constant, open communication channel with a guard

CAn unobstructed view of the reception area at all times

DA means of communicating directly with the visitor while on the premises

Answer : C

Question 6

A vendor puts cardholder information into a chip by sliding a payment card through a machine that programs it and verifies the dat

a. The chip can make contactless transactions. Which of the following best describes the vendor's activity?

ACard personalization

BHost Card Emulation (HCE) provisioning

CSecure Element (SE) provisioning

DFulfillment

Answer : C

Question 7

A CPSA Company has submitted multiple reports that are incomplete and do not contain the information described in the reporting instructions. Which of the following are possible outcomes?

AThey may be put into remediation or revoked by the applicable payment brands

BThey may be put into remediation or revoked by PCI SSC

CThey may be fined by the applicable payment brands

DThey may be fined by PCI SSC

Answer : A

PCI Card Production Security Assessor (CPSA) Qualification CPSA Exam Practice Test