- All Exams Instant Download
What most concerns you about the location?
You are driving to a vendor for their first assessment. The facility is in a rural area, twenty miles away from the nearest large town. What most concerns you about the location?A . The local fire service may not be able to reach the facility within 15 minutesB . Law...
What is your conclusion?
During an assessment you do a walk-through of bringing card products into the HSA using the goods-tools trap. You act as production staff, using an empty cardboard box as the card products. During the process, the guard escorts you, along with the box, into the pre-press room. What is your...
A vendor wants to know if they will be penalized if their vault is not compliant. Who should they ask?
A vendor wants to know if they will be penalized if their vault is not compliant. Who should they ask?A . PCI SSCB . AssessorC . Issuing banksD . Payment brandsView AnswerAnswer: D Explanation: The PCI SSC does not enforce compliance, nor does it mandate penalties for non-compliance. Compliance with...
Which of these is a requirement of the security control room?
Which of these is a requirement of the security control room?A . Access must be controlled by a physical key (in case of power-failure)B . Access must be monitored in real-timeC . At least one guard must be present at all timesD . Dual-control must be used to grant entryView...
A vendor is unsure which forms are needed to complete an assessment. Who should they ask?
A vendor is unsure which forms are needed to complete an assessment. Who should they ask?A . AssessorB . Issuing banksC . Payment brandsD . PCI SSCView AnswerAnswer: A Explanation: The assessor is the person who conducts the PCI Card Production Security Assessment and prepares the Card Production Report on...
You note this as non- compliant, why?
During an assessment you ask to see employee records for employees with access to the HSA. The records include information about the screening process, including background information from the employee application process. The oldest background Information that is available is for an employee that left the vendor (terminated their contract)...
Which of the following are possible outcomes?
A CPSA Company has submitted multiple reports that are incomplete and do not contain the information described in the reporting instructions. Which of the following are possible outcomes?A . They may be put into remediation or revoked by the applicable payment brandsB . They may be put into remediation or...
Which of the following best describes the vendor’s activity?
A vendor puts cardholder information into a chip by sliding a payment card through a machine that programs it and verifies the data. The chip can make contactless transactions. Which of the following best describes the vendor’s activity?A . Card personalizationB . Host Card Emulation (HCE) provisioningC . Secure Element...
Which of the following best describes this process?
A vendor receives cardholder information and keys from a bank. The vendor then performs the following: * Uses its HSM to create keys * Creates cardholder information specific to each cardholder, including name and PAN * Formats the data for the hardware that will put it on a card *...
Under which circumstances may boxes containing card stock remain unsealed within the vault?
Under which circumstances may boxes containing card stock remain unsealed within the vault?A . Where stock from those boxes will be pulled multiple times per dayB . Where the stock from those boxes will be pulled once at the beginning of productionC . Always, as long as an accurate inventory...
