CPSA練習問題集で検証済みで更新された52問題あります [Q28-Q46]

Share

CPSA練習問題集で検証済みで更新された52問題あります

更新されたCPSA試験問題集でPDF問題とテストエンジン


PCI CPSA認定は、敏感なデータの完全性と機密性を確保するために必要なセキュリティ要件を包括的に理解するため、支払いカードの生産に関与する企業に特に関連しています。認定プログラムは、GDPRやCCPAなどの規制要件に準拠しようとしている企業にとっても重要です。

 

質問 # 28
The vendor's technical documentation shows that the alarm system does not send alerts to the security control room. After a discussion you learn that the alarm works perfectly, and sends a clear signal to summon the local police every time an emergency exit is opened. Why might this cause a problem for their assessment?

  • A. During working hours, the alarm should be managed in the security control room, or by a central monitoring service
  • B. If the local police have not been issued with an exterior key. they will not be able to investigate the cause of the alarm and reset it
  • C. If the local police receive too many false-positive alerts, they may not respond within 15 minutes of the alarm
  • D. During busy times, the local police may not be able to respond

正解:C


質問 # 29
A vendor receives cardholder information and keys from a bank. The vendor then performs the following:
* Uses its HSM to create keys
* Creates cardholder information specific to each cardholder, including name and PAN
* Formats the data for the hardware that will put it on a card
* Writes it to an encrypted file
Which of the following best describes this process?

  • A. Pre-personalization
  • B. Manufacture
  • C. Data creation
  • D. Data preparation

正解:A


質問 # 30
Which of the following statements about unsolicited visitors is true?

  • A. They must be turned away
  • B. They must be able to prove a legitimate reason for their visit prior to entry
  • C. They must be registered, their identities confirmed, and must be allocated an escort before entry
  • D. They must complete an NDA before entry is granted

正解:C


質問 # 31
A cardholder wants to make purchases using their phone, so they have their cardholder information programmed into their SIM card using their mobile phone provider. Which of the following best describes this system?

  • A. Over-the-air (OTA) provisioning
  • B. Host Card Emulation (HCE) provisioning
  • C. Card personalization
  • D. Secure Element (SE) provisioning

正解:B


質問 # 32
For each requirement listed in a ROC, which types of findings must have a full narrative response?

  • A. Non-compliant findings only
  • B. All types except Not Applicable findings
  • C. New or Closed findings only
  • D. All types of findings

正解:B


質問 # 33
Which document describes the results of an assessment, and is signed by both the assessor and the vendor executive officer?

  • A. Security Assessment Questionnaire (SAQ)
  • B. Attestation of Compliance (AOC)
  • C. Report on Compliance (ROC)
  • D. Letter of Approval (LOA)

正解:C


質問 # 34
Which of the following principles must be enforce by the HSA Access Control system?

  • A. Dual control and dual presence
  • B. Dual presence
  • C. Dual control
  • D. Dual guard entry when required

正解:A


質問 # 35
A vendor has a list of pre-approved third parties which may be granted access to the facility. Under what circumstances can other third-parties be granted access?

  • A. None, only people on the pre-approved list may enter
  • B. When they are approved by the physical security manager or senior management
  • C. When no card production activities are taking place
  • D. When the third party s liability insurance covers the risk

正解:B


質問 # 36
Which of the follow best describes a Technical FAQ?

  • A. Technical FAQs only apply to the specific technology as the FAQ defines it
  • B. Technical FAQs can be submitted to PCI SSC at any time
  • C. Use of the Technical FAQs is optional, they are considered guidance
  • D. Use of the Technical FAQs is mandatory, they shall be used during an assessment

正解:C


質問 # 37
Which of the following security awareness measures is required for compliance?

  • A. Annual training on common attack methods
  • B. Security awareness exams for all personnel
  • C. Security posters must be placed in the facility
  • D. Annual training on use of mantraps

正解:B


質問 # 38
If you have a query about a missing field in the card production reporting template, which organization is best-placed to answer it?

  • A. The issuer
  • B. The vendor
  • C. The payment brands
  • D. PCI SSC

正解:A


質問 # 39
When must HSA motion detectors generate an alarm event?

  • A. Each time movement is detected
  • B. Each time movement is detected and the access-control system indicates the room is occupied
  • C. Each time movement is detected outside of regular business hours
  • D. Each time movement is detected and the access-control system indicates the room is not occupied

正解:D


質問 # 40
The receptionist responsible for the entrance and departure of visitors must have which of the following?

  • A. A means of communicating directly with the visitor while on the premises
  • B. An unobstructed view of the reception area at all times
  • C. A constant, open communication channel with a guard
  • D. A shredder for the destruction of disposable visitor badges

正解:B


質問 # 41
How frequently must alarms on external doors of a card production and provisioning vendor environment be tested?

  • A. Every day
  • B. Every 3 months
  • C. Every week
  • D. Every month

正解:B


質問 # 42
To liberate a person detected inside of the inner shipping delivery room and stop the alarm, the software monitoring the access-control system must only allow the opening of which door?

  • A. The internal facing door
  • B. The least secure door
  • C. The external facing door
  • D. The last activated door

正解:A


質問 # 43
For how long must a vendor retain all applicant and employee background information on file?

  • A. It is not a requirement to store this information beyond termination of the contract
  • B. For at least 24 months after termination of the contract of employment
  • C. For at least 12 months after termination of the contract of employment
  • D. For at least 18 months after termination of the contract of employment

正解:B


質問 # 44
John works for ACME Inc Personalizers. an organization that personalizes payment cards as well as printing the corresponding PIN mailers for distribution directly to the cardholder. Which of the following statements is true?

  • A. If John is involved in card personalization, then he must never be involved in the card shipment process
  • B. If John is involved in PIN printing, then he must never be involved in the card shipment process
  • C. If John is involved in card personalization then he must not be involved in the printing of the corresponding PINs
  • D. If John is involved in card personalization, then he must never be involved in PIN printing

正解:D


質問 # 45
An assessor must provide which of the following to their client at the start of every assessment?

  • A. Quality Assurance Manual
  • B. CPSA Feedback Form
  • C. Attestation of Compliance
  • D. Vendor Release Agreement

正解:C


質問 # 46
......


PCI CPSA試験は、支払いカードの安全な生産に関連するさまざまなトピックをカバーする厳格な認証プログラムです。この試験では、カードの製造、パーソナライズ、主要な管理、機密データの安全なストレージなどのトピックについて説明しています。また、PCIデータセキュリティ標準(PCI DSS)や支払いアプリケーションデータセキュリティ標準(PA-DSS)など、最新のセキュリティ基準とガイドラインもカバーしています。

 

最新(2023)PCI CPSA試験問題集:https://jp.fast2test.com/CPSA-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어