Summer Certification Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

  1. Home
  2. PCI SSC
  4. CPSA
  5. Card Production Security Assessor (CPSA)QualificationExam Questions and Answers

CPSA Card Production Security Assessor (CPSA)QualificationExam Questions and Answers

Questions 4

Who is required to approve visitor entry to the HSA or cloud-based provisioning environment?

Options:

A.

The head of the vendor facility

B.

The Security Manager

C.

Both the Security Manager and the Production Manager

D.

The Security Manager, Production Manager, and the head of the vendor facility

Buy Now
Questions 5

If a vendor plans to terminate an employee, which of these must be done?

Options:

A.

The employee must be escorted from the premises immediately

B.

The employee's locker and desk must be searched prior to termination

C.

The Human Resources department must be notified prior to termination

D.

The security manager must be notified in writing prior to termination

Buy Now
Questions 6

Where can misprinted, partially finished cards be shredded?

Options:

A.

In any HSA room approved by the security manager

B.

Either in the HSA printing room or destruction room

C.

Only in the HSA destruction room

D.

Either in the HSA destruction room or a loading bay that meets all requirements of a destruction room

Buy Now
Questions 7

A vendor puts cardholder information into a chip by sliding a payment card through a machine that programs it and verifies the data. The chip can make contactless transactions. Which of the following best describes the vendor’s activity?

Options:

A.

Card personalization

B.

Host Card Emulation (HCE) provisioning

C.

Secure Element (SE) provisioning

D.

Fulfillment

Buy Now
Questions 8

For how long must a vendor retain all applicant and employee background information on file?

Options:

A.

For at least 12 months after termination of the contract of employment

B.

For at least 18 months after termination of the contract of employment

C.

For at least 24 months after termination of the contract of employment

D.

It is not a requirement to store this information beyond termination of the contract

Buy Now
Questions 9

Before you go on-site, the vendor’s primary contact communicates a legitimate reason for delaying the assessment for several months. Who can approve the change in the report delivery schedule?

Options:

A.

Vendor senior management

B.

Payment brands

C.

Affected issuers

D.

PCI SSC

Buy Now
Questions 10

In relation to guards, which of the following must the vendor ensure?

Options:

A.

A clear segregation of duties is maintained between production staff and guards

B.

A clear segregation of duties is maintained between guard and reception related job functions

C.

There is always at least one guard on-site, including outside of working hours, to monitor security systems and premises

D.

There is always at least one guard in the HSA and one guard in the security control room at all times

Buy Now
Questions 11

You wish to check that you are using the most current version of the Card Production requirements. What should you do?

Options:

A.

Have the CPSA Company’s point of contact request the document

B.

Download it from PCI SSC’s Document Library

C.

Email a request for the document to PCI SSC

D.

View it directly via PCI SSC Assessor Portal

Buy Now
Questions 12

A vendor wants to know if they will be penalized if their vault is not compliant. Who should they ask?

Options:

A.

PCI SSC

B.

Assessor

C.

Issuing banks

D.

Payment brands

Buy Now
Questions 13

A CPSA Company has submitted multiple reports that are incomplete and do not contain the information described in the reporting instructions. Which of the following are possible outcomes?

Options:

A.

They may be put into remediation or revoked by the applicable payment brands

B.

They may be put into remediation or revoked by PCI SSC

C.

They may be fined by the applicable payment brands

D.

They may be fined by PCI SSC

Buy Now
Questions 14

An assessor is unsure if log review and interview is sufficient testing for a requirement. Who can best answer this question?

Options:

A.

Payment brands

B.

Issuing banks

C.

Vendor

D.

PCI SSC

Buy Now
Questions 15

Which of the following must every assessor do to maintain their CPSA certification?

Options:

A.

Complete annual requalification training or complete 3 assessments for different facilities each year

B.

Earn and document at least 20 hours of Continuing Professional Education (CPE) over 3 years

C.

Earn an additional professional certification from List A or B of the Qualification Requirements (QRs)

D.

Submit evidence of internal training in a relevant area (as per the QRs)

Buy Now
Exam Code: CPSA
Exam Name: Card Production Security Assessor (CPSA)QualificationExam
Last Update: Jun 8, 2026
Questions: 50

PDF + Testing Engine

$64.99   $185.69
buy now CPSA pdf + testing engine

Testing Engine

$49.99   $142.83
buy now CPSA testing engine

PDF (Q&A)

$54.99   $157.11
buy now CPSA pdf