
Which of the following best describes a Technical FAQ?

A. Technical FAQs only apply to the specific technology as the FAQ defines it
B. Technical FAQs can be submitted to PCI SSC at any time
C. Use of the Technical FAQs is mandatory, they shall be used during an assessment
D. Use of the Technical FAQs is optional, they are considered guidance

For how long must a CPSA Company maintain workpapers and technical information obtained during an assessment?

A. Until each applicable payment brand has accepted (and signed off) the ROC and AOC
B. As long as the entity under assessment is a client of the CPSA Company
C. 3 years
D. 1 year

Which of the following statements about unsolicited visitors is true?

A. They must be turned away
B. They must complete an NDA before entry is granted
C. They must be able to prove a legitimate reason for their visit prior to entry
D. They must be registered, their identities confirmed, and must be allocated an escort before entry

A CPSA Company has submitted multiple reports that are incomplete and do not contain the information described in the reporting instructions. Which of the following are possible outcomes?

A. They may be put into remediation or revoked by the applicable payment brands
B. They may be put into remediation or revoked by PCI SSC
C. They may be fined by the applicable payment brands
D. They may be fined by PCI SSC

In relation to guards, which of the following must the vendor ensure?

A. A clear segregation of duties is maintained between production staff and guards
B. A clear segregation of duties is maintained between guard and reception related job functions
C. There is always at least one guard on-site, including outside of working hours, to monitor security systems and premises
D. There is always at least one guard in the HSA and one guard in the security control room at all times

An assessor must provide which of the following to their client at the start of every assessment?

A. CPSA Feedback Form
B. Quality Assurance Manual
C. Attestation of Compliance
D. Vendor Release Agreement

A vendor hosts virtual secure elements holding cardholder information in their data center. When a cardholder makes a purchase, the vendor creates a payment token which is sent to the cardholder’s mobile device. Which of the following best describes the vendor’s activities?

A. Card personalization
B. Host Card Emulation (HCE) provisioning
C. Secure Element (SE) provisioning
D. Over-the-air (OTA) provisioning

A card production vendor employs a contracted guard service from an outside source. What is one of the responsibilities of the contracted service?

A. Provide only certified guards
B. Register their service with the VPA
C. Maintain their own liability insurance in case of losses to card material
D. Undergo their own Card Production assessment and provide evidence of a passing result

Which of the following must be used by the vendor to protect doors that provide access to buildings containing air conditioning equipment?

A. Security tape that will leave an observable trace each time a door is opened
B. Electrical contacts that log each open and close event to a secure system memory
C. Magnetic contacts that are permanently alarmed and that are connected to the security control-room panels
D. Physical locks with a limited set of keys under constant supervision by a guard in the security control-room

A vendor uses codes from a chip manufacturer to ‘unlock’ chips and prepare them for use by adding applications and keys. Which of the following best describes this process?

A. Data creation
B. Data preparation
C. Manufacture
D. Pre-personalization