Where can misprinted, partially finished cards be shredded?
A. In any HSA room approved by the security manager
B. Either in the HSA printing room or destruction room
C. Only in the HSA destruction room
D. Either in the HSA destruction room or a loading bay that meets all requirements...
An assessor is unsure if log review and interview is sufficient testing for a requirement. Who can best answer this question?
A. Payment brands
B. Issuing banks
C. Vendor
D. PCI SSC
Answer: D
Explanation: The PCI SSC (Payment Card Industry Security Standards Council) is the organization that develops and...
What most concerns you about the location?
You are driving to a vendor for their first assessment. The facility is in a rural area, twenty miles away from the nearest large town. What most concerns you about the location?
A. The local fire service may not be able to reach the facility within 15 minutes
B. Law...
What is your conclusion?
During an assessment you do a walk-through of bringing card products into the HSA using the goods-tools trap. You act as production staff, using an empty cardboard box as the card products. During the process, the guard escorts you, along with the box, into the pre-press room. What is your...
A vendor wants to know if they will be penalized if their vault is not compliant. Who should they ask?
A. PCI SSC
B. Assessor
C. Issuing banks
D. Payment brands
Answer: D
Explanation: The PCI SSC does not enforce compliance, nor does it mandate penalties for non-compliance. Compliance with...
Which of these is a requirement of the security control room?
A. Access must be controlled by a physical key (in case of power-failure)
B. Access must be monitored in real-time
C. At least one guard must be present at all times
D. Dual-control must be used to grant entry...
A vendor is unsure which forms are needed to complete an assessment. Who should they ask?
A. Assessor
B. Issuing banks
C. Payment brands
D. PCI SSC
Answer: A
Explanation: The assessor is the person who conducts the PCI Card Production Security Assessment and prepares the Card Production Report on...
You note this as non-compliant, why?
During an assessment you ask to see employee records for employees with access to the HSA. The records include information about the screening process, including background information from the employee application process. The oldest background information that is available is for an employee that left the vendor (terminated their contract)...
Which of the following are possible outcomes?
A CPSA Company has submitted multiple reports that are incomplete and do not contain the information described in the reporting instructions. Which of the following are possible outcomes?
A. They may be put into remediation or revoked by the applicable payment brands
B. They may be put into remediation or...
Which of the following best describes the vendor’s activity?
A vendor puts cardholder information into a chip by sliding a payment card through a machine that programs it and verifies the data. The chip can make contactless transactions. Which of the following best describes the vendor’s activity?
A. Card personalization
B. Host Card Emulation (HCE) provisioning
C. Secure Element...