
CPSA_P_New Exam Dumps - CPSA Physical New

Question # 4

Which document describes the results of an assessment, and is signed by both the assessor and the vendor executive officer?

A. Security Assessment Questionnaire (SAQ)
B. Attestation of Compliance (AOC)
C. Report on Compliance (ROC)
D. Letter of Approval (LOA)

Question # 5

Where can misprinted, partially finished cards be shredded?

A. In any HSA room approved by the security manager
B. Either in the HSA printing room or destruction room
C. Only in the HSA destruction room
D. Either in the HSA destruction room or a loading bay that meets all requirements of a destruction room

Question # 6

After reviewing their completed ROC and AOC, which state that they are compliant, the vendor wishes to be listed on PCI SSC’s list of Compliant Card Vendors. How should you assist them with the listing process?

A. Submit the full ROC to PCI SSC
B. Submit only the AOC to PCI SSC
C. Inform the vendor that PCI SSC does not list compliant vendors
D. Inform the vendor that they must request a listing via the payment brand(s) that received their ROC

Question # 7

John works for ACME Inc. Personalizers, an organization that personalizes payment cards and also prints the corresponding PIN mailers for distribution directly to the cardholder. Which of the following statements is true?

A. If John is involved in card personalization, then he must not be involved in the printing of the corresponding PINs
B. If John is involved in card personalization, then he must never be involved in the card shipment process
C. If John is involved in card personalization, then he must never be involved in PIN printing
D. If John is involved in PIN printing, then he must never be involved in the card shipment process

Question # 8

Which of the following statements about unsolicited visitors is true?

A. They must be turned away
B. They must complete an NDA before entry is granted
C. They must be able to prove a legitimate reason for their visit prior to entry
D. They must be registered, their identities confirmed, and must be allocated an escort before entry

Question # 9

A vendor hosts virtual secure elements holding cardholder information in their data center. When a cardholder makes a purchase, the vendor creates a payment token which is sent to the cardholder’s mobile device. Which of the following best describes the vendor’s activities?

A. Card personalization
B. Host Card Emulation (HCE) provisioning
C. Secure Element (SE) provisioning
D. Over-the-air (OTA) provisioning

Question # 10

Which of the following must be used by the vendor to protect doors that provide access to buildings containing air conditioning equipment?

A. Security tape that will leave an observable trace each time a door is opened
B. Electrical contacts that log each open and close event to a secure system memory
C. Magnetic contacts that are permanently alarmed and that are connected to the security control-room panels
D. Physical locks with a limited set of keys under constant supervision by a guard in the security control-room

Question # 11

Which of these is a requirement of the security control room?

A. Access must be controlled by a physical key (in case of power failure)
B. Access must be monitored in real time
C. At least one guard must be present at all times
D. Dual control must be used to grant entry

Question # 12

Which of the following statements is true in relation to visitor access badges?

A. Each visitor entering the facility must be issued, and must visibly wear, a disposable ID badge that identifies them as a non-employee
B. Each visitor entering the facility must wear their issued access badge above waist height
C. Badges with access controls must not be issued to visitors
D. Unissued visitor access badges must be securely stored

Question # 13

If you have a query about a missing field in the card production reporting template, which organization is best-placed to answer it?

A. The payment brands
B. The vendor
C. The issuer
D. PCI SSC

Question # 14

A vendor wants to know if they will be penalized if their vault is not compliant. Who should they ask?

A. PCI SSC
B. Assessor
C. Issuing banks
D. Payment brands

Question # 15

Which of the following security awareness measures is required for compliance?

A. Annual training on common attack methods
B. Annual training on use of mantraps
C. Security awareness exams for all personnel
D. Security posters must be placed in the facility
