Free PCI Security Standards Council CPSA_P_New Exam Questions

Become PCI Security Standards Council Certified with updated CPSA_P_New exam questions and correct answers

Page: 1 / 20

Total 100 Questions | Updated On: Apr 29, 2026

Add To Cart

Question 1

CCTV cameras should not have zoom or scanning functionality in which of the following locations?

A : PIN-mailer room

B : Cloud-based provisioning areas

C : Work In Progress room (WIP)

D : Vault

E : Destruction room

F : Security Control Room (SCR)

Answer: A

Question 2

Which of the following personnel changes must result in the vendor notifying the Vendor Program Administration (VPA)?

A : Adding additional rights to someone’s role to give them access to the mam production vault

B : Any change to a role that directly affects the security of card products and related components

C : Hiring someone that will directly interact with the card issuers

D : Promoting someone to senior management levell

Answer: B

Question 3

During an assessment you ask to see employee records for employees with access to the HSA. The records include information about the screening process, including background information from the employee application process. The oldest background Information that is available is for an employee that left the vendor (terminated their contract) one year previously. You note this as non-compliant, why?

A : Employee information, including background checks, must be stored for at least seven years

B : Employee information must be securely destroyed (e.g. securely wiped) within 2 years (after termination of contract)

C : The vendor must retain the background information for at least 18 months after termination of contract

D : The vendor must only retain background information for all current employees, not for those that have been terminated

Answer: A

Question 4

A card production vendor employs a contracted guard service from an outside source. What is one of the responsibilities of the contracted service?

A : Provide only certified guards

B : Register their service with the VPA

C : Maintain their own liability insurance in case of losses to card material

D : Undergo their own Card Production assessment and provide evidence of a passing result

Answer: C

Question 5

According to requirement 2.3.6.2, how long must a log of the event be maintained following the apprehension of an unauthorized individual detected by the movement detector, located inside the inner room or the shipping area, when both the intermediate and inner doors are closed and locked?

A : At least 3 years

B : Permanently

C : At least 2 years

D : Until the incident follow-up is completed

Answer: C

Page: 1 / 20

Total 100 Questions | Updated On: Apr 29, 2026

Add To Cart