PCI SSC CPSA_P_New Card Production Security Assessor CPSA Physical New Exam Online Training
The questions for CPSA_P_New were last updated on Apr 21, 2025.
- Exam Code: CPSA_P_New
- Exam Name: Card Production Security Assessor CPSA Physical New Exam
- Certification Provider: PCI SSC
- Latest update: Apr 21, 2025
A vendor puts cardholder information into a chip by sliding a payment card through a machine that programs it and verifies the data. The chip can make contactless transactions.
Which of the following best describes the vendor’s activity?
- A . Card personalization
- B . Host Card Emulation (HCE) provisioning
- C . Secure Element (SE) provisioning
- D . Fulfillment
You are driving to a vendor for their first assessment. The facility is in a rural area, twenty miles away from the nearest large town.
What most concerns you about the location?
- A . The local fire service may not be able to reach the facility within 15 minutes
- B . Law enforcement services may not be able to reach the facility in a timely manner
- C . Power blackouts may affect security systems
- D . There may not be adequate retail outlets, which may cause problems when sourcing lunch items for onsite personnel
A vendor wants to know if they will be penalized if their vault is not compliant. Who should they ask?
- A . PCI SSC
- B . Assessor
- C . Issuing banks
- D . Payment brands
A vendor receives cardholder information and keys from a bank.
The vendor then performs the following:
* Uses its HSM to create keys
* Creates cardholder information specific to each cardholder, including name and PAN
* Formats the data for the hardware that will put it on a card
* Writes it to an encrypted file
Which of the following best describes this process?
- A . Data creation
- B . Data preparation
- C . Manufacture
- D . Pre-personalization
An assessor must provide which of the following to their client at the start of every assessment?
- A . CPSA Feedback Form
- B . Quality Assurance Manual
- C . Attestation of Compliance
- D . Vendor Release Agreement
An assessor is unsure if log review and interview are sufficient testing for a requirement. Who can best answer this question?
- A . Payment brands
- B . Issuing banks
- C . Vendor
- D . PCI SSC
When must HSA motion detectors generate an alarm event?
- A . Each time movement is detected
- B . Each time movement is detected outside of regular business hours
- C . Each time movement is detected and the access-control system indicates the room is occupied
- D . Each time movement is detected and the access-control system indicates the room is not occupied
Which of these is a requirement of the security control room?
- A . Access must be controlled by a physical key (in case of power-failure)
- B . Access must be monitored in real-time
- C . At least one guard must be present at all times
- D . Dual-control must be used to grant entry
During an assessment you ask to see employee records for employees with access to the HSA. The records include information about the screening process, including background information from the employee application process. The oldest background information that is available is for an employee who left the vendor (terminated their contract) one year previously.
You note this as non-compliant. Why?
- A . Employee information, including background checks, must be stored for at least seven years
- B . Employee information must be securely destroyed (e.g. securely wiped) within 2 years (after termination of contract)
- C . The vendor must retain the background information for at least 18 months after termination of contract
- D . The vendor must only retain background information for all current employees, not for those that have been terminated
The vendor’s technical documentation shows that the alarm system does not send alerts to the security control room. After a discussion you learn that the alarm works perfectly, and sends a clear signal to summon the local police every time an emergency exit is opened.
Why might this cause a problem for their assessment?
- A . If the local police have not been issued with an exterior key, they will not be able to investigate the cause of the alarm and reset it
- B . During working hours, the alarm should be managed in the security control room, or by a central monitoring service
- C . If the local police receive too many false-positive alerts, they may not respond within 15 minutes of the alarm
- D . During busy times, the local police may not be able to respond