
PCI CPSA Exam - Topic 1 Question 2 Discussion

A vendor discovers that a recent shipment of cards is missing a set. Which of the following responses would you expect in a compliant organization?
A) An immediate call is made to the issuer and the VPA who, between them, contact law enforcement and put together a joint statement
B) The head of security initiates a meeting, and once the VPA approves the messaging, law enforcement is notified in two days
C) A report is requested by the issuer, the vendor sends it to them, and the issuer handles the incident with the local police
D) After an incident review, the VPA, issuer and law enforcement are all notified within 24 hours

Actual exam question for PCI's CPSA exam
Question #: 2
Topic #: 1
Suggested Answer: D

Teri
7 months ago
I’m not convinced about D. What if they need more time to assess?
upvoted 0 times
...
Sanda
7 months ago
Wait, they’d really notify law enforcement in 24 hours? That seems fast!
upvoted 0 times
...
Gregoria
8 months ago
C seems more realistic, though. Not sure if they’d act that fast.
upvoted 0 times
...
Ashley
8 months ago
Definitely agree with D, anything less seems risky.
upvoted 0 times
...
Sophia
8 months ago
I think option D is the best response. Quick action is key!
upvoted 0 times
...
Cristen
8 months ago
I feel like option C is too passive. If there's a security issue, shouldn't law enforcement be involved right away?
upvoted 0 times
...
Elmer
8 months ago
I'm a bit uncertain about the roles involved. Does the issuer always handle the police notification, or could it be the vendor too?
upvoted 0 times
...
Izetta
8 months ago
I remember a practice question where immediate reporting was emphasized, so I feel like option A might be the best choice here.
upvoted 0 times
...
Jovita
8 months ago
I think option D sounds right because timely communication is crucial in these situations, but I'm not entirely sure if 24 hours is the standard.
upvoted 0 times
...
Tamesha
8 months ago
Wait, I'm a bit confused. Does the product also need a master product? Or is that not required? I'll have to review the options again.
upvoted 0 times
...
Loreta
9 months ago
This looks straightforward. I think option A is the correct answer since it uses the "add ns acl" command to deny access to the specific IP address for the required 10-minute duration.
upvoted 0 times
...
Kristian
9 months ago
Based on our practice questions, I'm leaning towards 4 licenses, but I keep second-guessing some of the process timings.
upvoted 0 times
...
Ashlyn
9 months ago
I'm not too sure, but I remember something like "Zero-hour" being mentioned in a practice question.
upvoted 0 times
...
Emerson
9 months ago
This seems straightforward enough. Based on the scenario, the pricing for data security protections in the vendor contracts is likely the least crucial piece of information from a privacy perspective. The more important factors are the data access, liability, and audit rights.
upvoted 0 times
...
