PCI CPSA試験問題(更新されたのは2023年)100%リアル問題解答 [Q20-Q45]

Share

PCI CPSA試験問題(更新されたのは2023年)100%リアル問題解答

合格させるPCI CPSA試験最速合格

質問 # 20
Which of the following personnel changes must result in the vendor notifying the Vendor Program Administration (VPA)?

  • A. Promoting someone to senior management level
  • B. Hiring someone that will directly interact with the card issuers
  • C. Adding additional rights to someone's role to give them access to the mam production vault
  • D. Any change to a role that directly affects the security of card products and related components

正解:D


質問 # 21
How frequently must alarms on external doors of a card production and provisioning vendor environment be tested?

  • A. Every month
  • B. Every day
  • C. Every 3 months
  • D. Every week

正解:C


質問 # 22
During an assessment you do a walk-through of bringing card products into the HSA using the goods-tools trap. You act as production staff, using an empty cardboard box as the card products. During the process, the guard escorts you, along with the box, into the pre-press room. What is your conclusion?

  • A. Not compliant, because the guard escorted you
  • B. Not compliant, because an inventory of the card product did not take place prior to entry
  • C. Compliant, because the guard ensured that the card product remained under dual control
  • D. Compliant, because the guard escorted you

正解:C


質問 # 23
An assessor is unsure if log review and interview is sufficient testing for a requirement. Who can best answer this question?

  • A. Payment brands
  • B. PCI SSC
  • C. Issuing banks
  • D. Vendor

正解:B


質問 # 24
Before you go on-site, the vendor's primary contact communicates a legitimate reason for delaying the assessment for several months. Who can approve the change in the report delivery schedule?

  • A. Payment brands
  • B. PCI SSC
  • C. Affected issuers
  • D. Vendor senior management

正解:B


質問 # 25
Which of the following must be used by the vendor to protect doors that provide access to buildings containing air conditioning equipment?

  • A. Physical locks with a limited set of keys under constant supervision by a guard in the security control-room
  • B. Magnetic contacts that are permanently alarmed and that are connected to the security control-room panels
  • C. Electrical contacts that log each open and close event to a secure system memory
  • D. Security tape that will leave an observable trace each time a door is opened

正解:A


質問 # 26
Which of the following statements is true in relation to visitor access badges?

  • A. Badges with access-controls must not be issued to visitors
  • B. Unissued visitor access badges must be securely stored
  • C. Each visitor entering the facility must be issued and must visibly wear a disposable ID badge that identifies them as a non-employee
  • D. Each visitor entering the facility must wear their issued access badge above waist height

正解:C


質問 # 27
A vendor uses codes from a chip manufacturer to 'unlock' chips and prepare them for use by adding applications and keys. Which of the following best describes this process?

  • A. Manufacture
  • B. Data creation
  • C. Pre-personalization
  • D. Data preparation

正解:C


質問 # 28
In relation to guards, which of the following must the vendor ensure?

  • A. A clear segregation of duties is maintained between production staff and guards
  • B. There is always at least one guard on-site, including outside of working hours, to monitor security systems and premises
  • C. A clear segregation of duties is maintained between guard and reception related job functions
  • D. There is always at least one guard in the HSA and one guard in the security control room at all times

正解:B


質問 # 29
For how long must a vendor retain all applicant and employee background information on file?

  • A. For at least 18 months after termination of the contract of employment
  • B. It is not a requirement to store this information beyond termination of the contract
  • C. For at least 24 months after termination of the contract of employment
  • D. For at least 12 months after termination of the contract of employment

正解:C


質問 # 30
Who is required to approve visitor entry to the HSA or cloud-based provisioning environment?

  • A. Both the Security Manager and the Production Manager
  • B. The Security Manager
  • C. The Security Manager, Production Manager, and the head of the vendor facility
  • D. The head of the vendor facility

正解:C


質問 # 31
The vendor's technical documentation shows that the alarm system does not send alerts to the security control room. After a discussion you learn that the alarm works perfectly, and sends a clear signal to summon the local police every time an emergency exit is opened. Why might this cause a problem for their assessment?

  • A. If the local police receive too many false-positive alerts, they may not respond within 15 minutes of the alarm
  • B. If the local police have not been issued with an exterior key. they will not be able to investigate the cause of the alarm and reset it
  • C. During working hours, the alarm should be managed in the security control room, or by a central monitoring service
  • D. During busy times, the local police may not be able to respond

正解:A


質問 # 32
An assessor must provide which of the following to their client at the start of every assessment?

  • A. CPSA Feedback Form
  • B. Quality Assurance Manual
  • C. Vendor Release Agreement
  • D. Attestation of Compliance

正解:D


質問 # 33
Which of the following principles must be enforce by the HSA Access Control system?

  • A. Dual presence
  • B. Dual control and dual presence
  • C. Dual guard entry when required
  • D. Dual control

正解:B


質問 # 34
Which of the following statements is true about the facility's non-emergency exits?

  • A. They may be left unlocked when a guard is present
  • B. They must be configured to prevent staff tailgating
  • C. They must be fitted with biometric access-control devices
  • D. They must be contact-alarm monitored only when card production activities are taking place

正解:B


質問 # 35
During an assessment you walk the perimeter of the building with a guard you find an emergency exit door from the facility and ask the guard what is on the other side. The guard can't remember, and so uses their assigned, secure key to open the door and show you a corridor within the facility. What most concerns you about the situation?

  • A. The guard should have sought permission from their manager before opening the door
  • B. The guard should not have forgotten where the door leads to
  • C. The exit door should not be capable of being opened from the outside
  • D. The exit door should not lead into the facility

正解:A


質問 # 36
Where can misprinted, partially finished cards be shredded?

  • A. Either in the HSA destruction room or a loading bay that meets all requirements of a destruction room
  • B. Only in the HSA destruction room
  • C. Either in the HSA printing room or destruction room
  • D. In any HSA room approved by the security manager

正解:A


質問 # 37
A vendor discovers that a recent shipment of cards is missing a set. Which of the following responses would you expect in a compliant organization?

  • A. A report is requested by the issuer, the vendor sends it to them, and the issuer handles the incident with the local police
  • B. An immediate call is made to the issuer and the VPA who, between them, contact law enforcement and put together a joint statement
  • C. After an incident review, the VPA, issuer and law enforcement are all notified within 24 hours
  • D. The head of security initiates a meeting, and once the VPA approves the messaging, law enforcement is notified in two days

正解:C


質問 # 38
You wish to check that you are using the most current version of the Card Production requirements. What should you do?

  • A. Download it from PCI SSC's Document Library
  • B. Email a request for the document to PCI SSC
  • C. View it directly via PCI SSC Assessor Portal
  • D. Have the CPSA Company's point of contact request the document

正解:A


質問 # 39
A vendor receives cardholder information and keys from a bank. The vendor then performs the following:
* Uses its HSM to create keys
* Creates cardholder information specific to each cardholder, including name and PAN
* Formats the data for the hardware that will put it on a card
* Writes it to an encrypted file
Which of the following best describes this process?

  • A. Manufacture
  • B. Data creation
  • C. Pre-personalization
  • D. Data preparation

正解:C


質問 # 40
......

リアルPCI CPSA試験問題 [更新されたのは2023年]:https://jp.fast2test.com/CPSA-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어