
CPSA Physical New Question and Answers


Last Update May 18, 2024
Total Questions : 50

Questions 1

During an assessment, you walk the perimeter of the building with a guard. You find an emergency exit door from the facility and ask the guard what is on the other side. The guard can’t remember, and so uses their assigned, secure key to open the door and show you a corridor within the facility. What most concerns you about the situation?

Options:

A. The exit door should not lead into the facility

B. The exit door should not be capable of being opened from the outside

C. The guard should not have forgotten where the door leads to

D. The guard should have sought permission from their manager before opening the door

Questions 2

After reviewing their completed ROC and AOC, which state that they are compliant, the vendor wishes to be listed on PCI SSC’s list of Compliant Card Vendors. How should you assist them with the listing process?

Options:

A. Submit the full ROC to PCI SSC

B. Submit only the AOC to PCI SSC

C. Inform the vendor that PCI SSC does not list compliant vendors

D. Inform the vendor that they must request a listing via the payment brand(s) that received their ROC

Questions 3

An assessor is unsure if log review and interview is sufficient testing for a requirement. Who can best answer this question?

Options:

A. Payment brands

B. Issuing banks

C. Vendor

D. PCI SSC

Questions 4

A CPSA Company has submitted multiple reports that are incomplete and do not contain the information described in the reporting instructions. Which of the following are possible outcomes?

Options:

A. They may be put into remediation or revoked by the applicable payment brands

B. They may be put into remediation or revoked by PCI SSC

C. They may be fined by the applicable payment brands

D. They may be fined by PCI SSC

Questions 5

The receptionist responsible for the entrance and departure of visitors must have which of the following?

Options:

A. A shredder for the destruction of disposable visitor badges

B. A constant, open communication channel with a guard

C. An unobstructed view of the reception area at all times

D. A means of communicating directly with the visitor while on the premises

Questions 6

To liberate a person detected inside of the inner shipping delivery room and stop the alarm, the software monitoring the access-control system must only allow the opening of which door?

Options:

A. The external facing door

B. The internal facing door

C. The last activated door

D. The least secure door

Questions 7

Which of the following personnel changes must result in the vendor notifying the Vendor Program Administration (VPA)?

Options:

A. Adding additional rights to someone’s role to give them access to the main production vault

B. Any change to a role that directly affects the security of card products and related components

C. Hiring someone that will directly interact with the card issuers

D. Promoting someone to senior management level

Questions 8

Which of these is a requirement of the security control room?

Options:

A. Access must be controlled by a physical key (in case of power-failure)

B. Access must be monitored in real-time

C. At least one guard must be present at all times

D. Dual-control must be used to grant entry

Questions 9

Which of these are guards allowed access to?

Options:

A. HSAs

B. Audit logs

C. Loading bays

D. Physical master keys that provide access to card production or provisioning areas

Questions 10

A vendor uses codes from a chip manufacturer to ‘unlock’ chips and prepare them for use by adding applications and keys. Which of the following best describes this process?

Options:

A. Data creation

B. Data preparation

C. Manufacture

D. Pre-personalization

Questions 11

A vendor receives cardholder information and keys from a bank. The vendor then performs the following:

* Uses its HSM to create keys
* Creates cardholder information specific to each cardholder, including name and PAN
* Formats the data for the hardware that will put it on a card
* Writes it to an encrypted file

Which of the following best describes this process?

Options:

A. Data creation

B. Data preparation

C. Manufacture

D. Pre-personalization

Questions 12

When must HSA motion detectors generate an alarm event?

Options:

A. Each time movement is detected

B. Each time movement is detected outside of regular business hours

C. Each time movement is detected and the access-control system indicates the room is occupied

D. Each time movement is detected and the access-control system indicates the room is not occupied

Questions 13

Before you go on-site, the vendor’s primary contact communicates a legitimate reason for delaying the assessment for several months. Who can approve the change in the report delivery schedule?

Options:

A. Vendor senior management

B. Payment brands

C. Affected issuers

D. PCI SSC

Questions 14

Which of the following principles must be enforced by the HSA Access Control system?

Options:

A. Dual control

B. Dual presence

C. Dual control and dual presence

D. Dual guard entry when required

Questions 15

Which of the following best describes a Technical FAQ?

Options:

A. Technical FAQs only apply to the specific technology as the FAQ defines it

B. Technical FAQs can be submitted to PCI SSC at any time

C. Use of the Technical FAQs is mandatory, they shall be used during an assessment

D. Use of the Technical FAQs is optional, they are considered guidance
