
[2023年12月08日] 最新更新されたのはCPSA試験問題2023年更新
無料更新されたPCI CPSAテストエンジン問題には52問題と解答
認定試験はPCIセキュリティ基準評議会(SSC)によって管理され、オンラインで実施されます。試験は80の複数選択の質問で構成されており、2時間の時間制限があります。候補者は、認定を取得するには、80%以上の合格スコアを達成する必要があります。
PCI CPSA認定は、支払いカードの生産に関与するすべての人にとって不可欠な資格です。また、支払いカード業界で働いており、カードの生産に関連するセキュリティリスクを理解したい個人にとっても貴重な認証です。この認定は世界的に認識されており、支払いカード業界で非常に尊敬されています。
質問 # 31
Which of the following must be used by the vendor to protect doors that provide access to buildings containing air conditioning equipment?
- A. Physical locks with a limited set of keys under constant supervision by a guard in the security control-room
- B. Security tape that will leave an observable trace each time a door is opened
- C. Electrical contacts that log each open and close event to a secure system memory
- D. Magnetic contacts that are permanently alarmed and that are connected to the security control-room panels
正解:A
質問 # 32
Which of the following statements about unsolicited visitors is true?
- A. They must complete an NDA before entry is granted
- B. They must be turned away
- C. They must be registered, their identities confirmed, and must be allocated an escort before entry
- D. They must be able to prove a legitimate reason for their visit prior to entry
正解:C
質問 # 33
Before you go on-site, the vendor's primary contact communicates a legitimate reason for delaying the assessment for several months. Who can approve the change in the report delivery schedule?
- A. PCI SSC
- B. Vendor senior management
- C. Affected issuers
- D. Payment brands
正解:A
質問 # 34
A vendor discovers that a recent shipment of cards is missing a set. Which of the following responses would you expect in a compliant organization?
- A. An immediate call is made to the issuer and the VPA who, between them, contact law enforcement and put together a joint statement
- B. After an incident review, the VPA, issuer and law enforcement are all notified within 24 hours
- C. The head of security initiates a meeting, and once the VPA approves the messaging, law enforcement is notified in two days
- D. A report is requested by the issuer, the vendor sends it to them, and the issuer handles the incident with the local police
正解:B
質問 # 35
During an assessment you do a walk-through of bringing card products into the HSA using the goods-tools trap. You act as production staff, using an empty cardboard box as the card products. During the process, the guard escorts you, along with the box, into the pre-press room. What is your conclusion?
- A. Compliant, because the guard escorted you
- B. Not compliant, because the guard escorted you
- C. Compliant, because the guard ensured that the card product remained under dual control
- D. Not compliant, because an inventory of the card product did not take place prior to entry
正解:C
質問 # 36
Which of the following security awareness measures is required for compliance?
- A. Security awareness exams for all personnel
- B. Annual training on use of mantraps
- C. Security posters must be placed in the facility
- D. Annual training on common attack methods
正解:A
質問 # 37
During an assessment you walk the perimeter of the building with a guard you find an emergency exit door from the facility and ask the guard what is on the other side. The guard can't remember, and so uses their assigned, secure key to open the door and show you a corridor within the facility. What most concerns you about the situation?
- A. The guard should not have forgotten where the door leads to
- B. The exit door should not be capable of being opened from the outside
- C. The guard should have sought permission from their manager before opening the door
- D. The exit door should not lead into the facility
正解:C
質問 # 38
For each requirement listed in a ROC, which types of findings must have a full narrative response?
- A. All types of findings
- B. New or Closed findings only
- C. All types except Not Applicable findings
- D. Non-compliant findings only
正解:C
質問 # 39
Which document describes the results of an assessment, and is signed by both the assessor and the vendor executive officer?
- A. Letter of Approval (LOA)
- B. Attestation of Compliance (AOC)
- C. Report on Compliance (ROC)
- D. Security Assessment Questionnaire (SAQ)
正解:C
質問 # 40
John works for ACME Inc Personalizers. an organization that personalizes payment cards as well as printing the corresponding PIN mailers for distribution directly to the cardholder. Which of the following statements is true?
- A. If John is involved in PIN printing, then he must never be involved in the card shipment process
- B. If John is involved in card personalization then he must not be involved in the printing of the corresponding PINs
- C. If John is involved in card personalization, then he must never be involved in the card shipment process
- D. If John is involved in card personalization, then he must never be involved in PIN printing
正解:D
質問 # 41
A vendor puts cardholder information into a chip by sliding a payment card through a machine that programs it and verifies the dat a. The chip can make contactless transactions. Which of the following best describes the vendor's activity?
- A. Secure Element (SE) provisioning
- B. Host Card Emulation (HCE) provisioning
- C. Fulfillment
- D. Card personalization
正解:A
質問 # 42
A vendor wants to know if they will be penalized if their vault is not compliant. Who should they ask?
- A. PCI SSC
- B. Issuing banks
- C. Assessor
- D. Payment brands
正解:C
質問 # 43
Which of these are guards allowed access to?
- A. Loading bays
- B. Physical master keys that provide access to card production or provisioning areas
- C. HSAs
- D. Audit logs
正解:B
質問 # 44
Who is required to approve visitor entry to the HSA or cloud-based provisioning environment?
- A. The Security Manager, Production Manager, and the head of the vendor facility
- B. Both the Security Manager and the Production Manager
- C. The head of the vendor facility
- D. The Security Manager
正解:A
質問 # 45
Which of the follow best describes a Technical FAQ?
- A. Use of the Technical FAQs is optional, they are considered guidance
- B. Use of the Technical FAQs is mandatory, they shall be used during an assessment
- C. Technical FAQs can be submitted to PCI SSC at any time
- D. Technical FAQs only apply to the specific technology as the FAQ defines it
正解:A
質問 # 46
Which of these is a requirement of the security control room?
- A. Access must be monitored in real-time
- B. At least one guard must be present at all times
- C. Access must be controlled by a physical key (in case of power-failure)
- D. Dual-control must be used to grant entry
正解:D
質問 # 47
An assessor must provide which of the following to their client at the start of every assessment?
- A. Attestation of Compliance
- B. CPSA Feedback Form
- C. Quality Assurance Manual
- D. Vendor Release Agreement
正解:A
質問 # 48
Under which circumstances may boxes containing card stock remain unsealed within the vault?
- A. Where stock from those boxes will be pulled multiple times per day
- B. Always, as long as an accurate inventory is being maintained
- C. This is never permitted
- D. Where the stock from those boxes will be pulled once at the beginning of production
正解:B
質問 # 49
......
支払いカード業界(PCI)カード生産セキュリティ評価者(CPSA)資格は、カード生産セキュリティで認定されたい個人を対象とした認定プログラムです。 PCI CPSA認定は、個人がカード生産環境のセキュリティを評価するために必要な知識とスキルを確保するように設計されています。
100%の合格率を試そう!更新されたのはCPSA試験問題 [2023年更新]:https://jp.fast2test.com/CPSA-premium-file.html