PCI CPSA Exam Practice Test Instant Access

Question 1

A cardholder wants to make purchases using their phone, so they have their cardholder information programmed into their SIM card using their mobile phone provider. Which of the following best describes this system?

ACard personalization

BHost Card Emulation (HCE) provisioning

CSecure Element (SE) provisioning

DOver-the-air (OTA) provisioning

Answer : B

Question 2

In relation to guards, which of the following must the vendor ensure?

AA clear segregation of duties is maintained between production staff and guards

BA clear segregation of duties is maintained between guard and reception related job functions

CThere is always at least one guard on-site, including outside of working hours, to monitor security systems and premises

DThere is always at least one guard in the HSA and one guard in the security control room at all times

Answer : C

Question 3

You wish to check that you are using the most current version of the Card Production requirements. What should you do?

AHave the CPSA Company's point of contact request the document

BDownload it from PCI SSC's Document Library

CEmail a request for the document to PCI SSC

DView it directly via PCI SSC Assessor Portal

Answer : B

Question 4

Which of these are guards allowed access to?

AHSAs

BAudit logs

CLoading bays

DPhysical master keys that provide access to card production or provisioning areas

Answer : D

Question 5

A vendor's HSA access is enforced by a security turnstile they have a logical access-control system that ensures anti pass-back. The device is functioning correctly. When must the status of the access change?

AOnly when an unauthorised badge is presented

BOnly when the person has successfully completed the access cycle

CUpon initial entry of the person into the device, prior to completion of the access cycle

DUpon initial presentation of an authorised badge, prior to completion of the access cycle

Answer : D

Question 6

How frequently must alarms on external doors of a card production and provisioning vendor environment be tested?

AEvery day

BEvery week

CEvery month

DEvery 3 months

Answer : D

Question 7

A vendor hosts virtual secure elements holding cardholder information in their data center. When a cardholder makes a purchase, the vendor creates a payment token which is sent to the cardholder's mobile device. Which of the following best describes the vendor's activities?

ACard personalization

BHost Card Emulation (HCE) provisioning

CSecure Element (SE) provisioning

DOver-the-air (OTA) provisioning

Answer : C

PCI CPSA Card Production Security Assessor (CPSA) Qualification Exam Practice Test