New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

CPSA_P_New Questions and Answers

Question # 6

After reviewing their completed ROC and AOC, which state that they are compliant, the vendor wishes to be listed on PCI SSC’s list of Compliant Card Vendors. How should you assist them with the listing process?

A.

Submit the full ROC to PCI SSC

B.

Submit only the AOC to PCI SSC

C.

Inform the vendor that PCI SSC does not list compliant vendors

D.

Inform the vendor that they must request a listing via the payment brand(s) that received their ROC

Full Access
Question # 7

A vendor has a list of pre-approved third parties which may be granted access to the facility. Under what circumstances can other third-parties be granted access?

A.

None, only people on the pre-approved list may enter

B.

When they are approved by the physical security manager or senior management

C.

When the third party s liability insurance covers the risk

D.

When no card production activities are taking place

Full Access
Question # 8

Which of these is a requirement of the security control room?

A.

Access must be controlled by a physical key (in case of power-failure)

B.

Access must be monitored in real-time

C.

At least one guard must be present at all times

D.

Dual-control must be used to grant entry

Full Access
Question # 9

Which of the following statements is true about the facility’s non-emergency exits?

A.

They must be contact-alarm monitored only when card production activities are taking place

B.

They must be configured to prevent staff tailgating

C.

They may be left unlocked when a guard is present

D.

They must be fitted with biometric access-control devices

Full Access
Question # 10

During an assessment you ask to see employee records for employees with access to the HSA. The records include information about the screening process, including background information from the employee application process. The oldest background Information that is available is for an employee that left the vendor (terminated their contract) one year previously. You note this as non-compliant, why?

A.

Employee information, including background checks, must be stored for at least seven years

B.

Employee information must be securely destroyed (e.g. securely wiped) within 2 years (after termination of contract)

C.

The vendor must retain the background information for at least 18 months after termination of contract

D.

The vendor must only retain background information for all current employees, not for those that have been terminated

Full Access
Question # 11

Which of the following security awareness measures is required for compliance?

A.

Annual training on common attack methods

B.

Annual training on use of mantraps

C.

Security awareness exams for all personnel

D.

Security posters must be placed in the facility

Full Access
Question # 12

A vendor hosts virtual secure elements holding cardholder information in their data center. When a cardholder makes a purchase, the vendor creates a payment token which is sent to the cardholder’s mobile device. Which of the following best describes the vendor’s activities?

A.

Card personalization

B.

Host Card Emulation (HCE) provisioning

C.

Secure Element (SE) provisioning

D.

Over-the-air (OTA) provisioning

Full Access
Question # 13

Which document describes the results of an assessment, and is signed by both the assessor and the vendor executive officer?

A.

Security Assessment Questionnaire (SAQ)

B.

Attestation of Compliance (AOC)

C.

Report on Compliance (ROC)

D.

Letter of Approval (LOA)

Full Access
Question # 14

The receptionist responsible for the entrance and departure of visitors must have which of the following?

A.

A shredder for the destruction of disposable visitor badges

B.

A constant, open communication channel with a guard

C.

An unobstructed view of the reception area at all times

D.

A means of communicating directly with the visitor while on the premises

Full Access
Question # 15

For how long must a vendor retain all applicant and employee background information on file?

A.

For at least 12 months after termination of the contract of employment

B.

For at least 18 months after termination of the contract of employment

C.

For at least 24 months after termination of the contract of employment

D.

It is not a requirement to store this information beyond termination of the contract

Full Access