PCI CPSA Exam Practice Test Instant Access

Question 1

In relation to guards, which of the following must the vendor ensure?

AA clear segregation of duties is maintained between production staff and guards

BA clear segregation of duties is maintained between guard and reception related job functions

CThere is always at least one guard on-site, including outside of working hours, to monitor security systems and premises

DThere is always at least one guard in the HSA and one guard in the security control room at all times

Answer : C

Question 2

Where can misprinted, partially finished cards be shredded?

AIn any HSA room approved by the security manager

BEither in the HSA printing room or destruction room

COnly in the HSA destruction room

DEither in the HSA destruction room or a loading bay that meets all requirements of a destruction room

Answer : D

Question 3

A CPSA Company has submitted multiple reports that are incomplete and do not contain the information described in the reporting instructions. Which of the following are possible outcomes?

AThey may be put into remediation or revoked by the applicable payment brands

BThey may be put into remediation or revoked by PCI SSC

CThey may be fined by the applicable payment brands

DThey may be fined by PCI SSC

Answer : A

Question 4

The vendor's technical documentation shows that the alarm system does not send alerts to the security control room. After a discussion you learn that the alarm works perfectly, and sends a clear signal to summon the local police every time an emergency exit is opened. Why might this cause a problem for their assessment?

AIf the local police have not been issued with an exterior key. they will not be able to investigate the cause of the alarm and reset it

BDuring working hours, the alarm should be managed in the security control room, or by a central monitoring service

CIf the local police receive too many false-positive alerts, they may not respond within 15 minutes of the alarm

DDuring busy times, the local police may not be able to respond

Answer : C

Question 5

During an assessment you ask to see employee records for employees with access to the HS

AThe records include information about the screening process, including background information from the employee application process. The oldest background Information that is available is for an employee that left the vendor (terminated their contract) one year previously. You note this as non-compliant, why?

AEmployee information, including background checks, must be stored for at least seven years

BEmployee information must be securely destroyed (e.g. securely wiped) within 2 years (after termination of contract)

CThe vendor must retain the background information for at least 18 months after termination of contract

DThe vendor must only retain background information for all current employees, not for those that have been terminated

Answer : A, A

Question 6

An assessor is unsure if log review and interview is sufficient testing for a requirement. Who can best answer this question?

APayment brands

BIssuing banks

CVendor

DPCI SSC

Answer : D

Question 7

An assessor must provide which of the following to their client at the start of every assessment?

ACPSA Feedback Form

BQuality Assurance Manual

CAttestation of Compliance

DVendor Release Agreement

Answer : C

PCI CPSA Card Production Security Assessor (CPSA) Qualification Exam Practice Test