PCI CPSA Card Production Security Assessor (CPSA) Qualification Exam Online Training
The questions for CPSA were last updated on May 09, 2025.
- Exam Code: CPSA
- Exam Name: Card Production Security Assessor (CPSA) Qualification Exam
- Certification Provider: PCI
- Latest update: May 09, 2025
A vendor wants to know if they will be penalized if their vault is not compliant. Who should they ask?
- A . PCI SSC
- B . Assessor
- C . Issuing banks
- D . Payment brands
The receptionist responsible for the entrance and departure of visitors must have which of the following?
- A . A shredder for the destruction of disposable visitor badges
- B . A constant, open communication channel with a guard
- C . An unobstructed view of the reception area at all times
- D . A means of communicating directly with the visitor while on the premises
Who performs regular AQM audits of CPSA companies?
- A . Issuing banks
- B . Payment brands
- C . PCI SSC
- D . Vendor
How frequently must alarms on external doors of a card production and provisioning vendor environment be tested?
- A . Every day
- B . Every week
- C . Every month
- D . Every 3 months
John works for ACME Inc Personalizers, an organization that personalizes payment cards and prints the corresponding PIN mailers for distribution directly to the cardholder.
Which of the following statements is true?
- A . If John is involved in card personalization then he must not be involved in the printing of the corresponding PINs
- B . If John is involved in card personalization, then he must never be involved in the card shipment process
- C . If John is involved in card personalization, then he must never be involved in PIN printing
- D . If John is involved in PIN printing, then he must never be involved in the card shipment process
A cardholder wants to make purchases using their phone, so they have their cardholder information programmed into their SIM card using their mobile phone provider.
Which of the following best describes this system?
- A . Card personalization
- B . Host Card Emulation (HCE) provisioning
- C . Secure Element (SE) provisioning
- D . Over-the-air (OTA) provisioning
A vendor discovers that a recent shipment of cards is missing a set.
Which of the following responses would you expect in a compliant organization?
- A . An immediate call is made to the issuer and the VPA who, between them, contact law enforcement and put together a joint statement
- B . The head of security initiates a meeting, and once the VPA approves the messaging, law enforcement is notified in two days
- C . A report is requested by the issuer, the vendor sends it to them, and the issuer handles the incident with the local police
- D . After an incident review, the VPA, issuer and law enforcement are all notified within 24 hours
Before you go on-site, the vendor’s primary contact communicates a legitimate reason for delaying the assessment for several months.
Who can approve the change in the report delivery schedule?
- A . Vendor senior management
- B . Payment brands
- C . Affected issuers
- D . PCI SSC
Which of these are guards allowed access to?
- A . HSAs
- B . Audit logs
- C . Loading bays
- D . Physical master keys that provide access to card production or provisioning areas
Where can misprinted, partially finished cards be shredded?
- A . In any HSA room approved by the security manager
- B . Either in the HSA printing room or destruction room
- C . Only in the HSA destruction room
- D . Either in the HSA destruction room or a loading bay that meets all requirements of a destruction room