
Free PCI SSC CPSA Practice Exam with Questions & Answers

Questions 1

In relation to guards, which of the following must the vendor ensure?

Options:
A. A clear segregation of duties is maintained between production staff and guards
B. A clear segregation of duties is maintained between guard and reception related job functions
C. There is always at least one guard on-site, including outside of working hours, to monitor security systems and premises
D. There is always at least one guard in the HSA and one guard in the security control room at all times

Questions 2

A vendor hosts virtual secure elements holding cardholder information in their data center. When a cardholder makes a purchase, the vendor creates a payment token which is sent to the cardholder’s mobile device. Which of the following best describes the vendor’s activities?

Options:
A. Card personalization
B. Host Card Emulation (HCE) provisioning
C. Secure Element (SE) provisioning
D. Over-the-air (OTA) provisioning

Questions 3

Which of these is a requirement of the security control room?

Options:
A. Access must be controlled by a physical key (in case of power-failure)
B. Access must be monitored in real-time
C. At least one guard must be present at all times
D. Dual-control must be used to grant entry

Questions 4

If you have a query about a missing field in the card production reporting template, which organization is best-placed to answer it?

Options:
A. The payment brands
B. The vendor
C. The issuer
D. PCI SSC

Questions 5

If a vendor plans to terminate an employee, which of these must be done?

Options:
A. The employee must be escorted from the premises immediately
B. The employee's locker and desk must be searched prior to termination
C. The Human Resources department must be notified prior to termination
D. The security manager must be notified in writing prior to termination

Questions 6

A vendor receives cardholder information and keys from a bank. The vendor then performs the following:

* Uses its HSM to create keys

* Creates cardholder information specific to each cardholder, including name and PAN

* Formats the data for the hardware that will put it on a card

* Writes it to an encrypted file

Which of the following best describes this process?

Options:
A. Data creation
B. Data preparation
C. Manufacture
D. Pre-personalization

Questions 7

During an assessment you ask to see employee records for employees with access to the HSA. The records include information about the screening process, including background information from the employee application process. The oldest background information that is available is for an employee that left the vendor (terminated their contract) one year previously. You note this as non-compliant. Why?

Options:
A. Employee information, including background checks, must be stored for at least seven years
B. Employee information must be securely destroyed (e.g. securely wiped) within 2 years (after termination of contract)
C. The vendor must retain the background information for at least 18 months after termination of contract
D. The vendor must only retain background information for all current employees, not for those that have been terminated

Questions 8

The vendor's technical documentation shows that the alarm system does not send alerts to the security control room. After a discussion you learn that the alarm works perfectly, and sends a clear signal to summon the local police every time an emergency exit is opened. Why might this cause a problem for their assessment?

Options:
A. If the local police have not been issued with an exterior key, they will not be able to investigate the cause of the alarm and reset it
B. During working hours, the alarm should be managed in the security control room, or by a central monitoring service
C. If the local police receive too many false-positive alerts, they may not respond within 15 minutes of the alarm
D. During busy times, the local police may not be able to respond

Questions 9

A vendor uses codes from a chip manufacturer to ‘unlock’ chips and prepare them for use by adding applications and keys. Which of the following best describes this process?

Options:
A. Data creation
B. Data preparation
C. Manufacture
D. Pre-personalization

Questions 10

A vendor has a list of pre-approved third parties which may be granted access to the facility. Under what circumstances can other third-parties be granted access?

Options:
A. None, only people on the pre-approved list may enter
B. When they are approved by the physical security manager or senior management
C. When the third party's liability insurance covers the risk
D. When no card production activities are taking place

Exam Code: CPSA
Certification Provider: PCI SSC
Exam Name: Card Production Security Assessor (CPSA) Qualification Exam
Last Update: Jul 10, 2025
Questions: 50