Questions asked in CPISI Exam

If you are going to take CPISI (Certified Payment Card Industry Security Implementer Version 3.2) exam conducted by SISA and wondering what kind of questions are asked than this article will help you.

Exam Type: Online Multiple Type Question

Duration: 1 hour

Number of questions: 50

Passing Mark: 60%

Post Workshop all participants will be receiving CPISI certification exam link which can be accessed via any network and will be active for 5 days of the last day of the workshop.

Kindly Note: You cannot go back and correct your answers.

This certification is idle for Infosec Managers, CISO, CTO, Security Analyst, Security Consultant, Compliance managers, Payment specialist, Risk managers, Quality Consultants, IT operations, Merchant, Acquirer, Bankers.

Post Workshop all participants will be receiving CPISI certification exam link which can be accessed via any network and will be active for 5 days of the last day of the workshop.

CPISI In House Workshop ISACA Pune Chapter, August 20-21,2017

Workshop Fee: Varies from Person to person. Students are charged less. ISACA members are charged little more than students. Non-ISACA members are charged full amount. I participated in Pune, India and that time prices were like this:

Students: Indian rupees 12000/-

ISACA Members: Indian rupees 14000/-

Non ISACA Members: Indian rupees 16500/-

It includes GST (applicable for workshop happening in India only), two days’ Workshop/training, Tea, lunch, study materials and certification fee.  

As I am member of ISACA, I paid only INR 14000.

CPISI Workshop fee with 2500 discount

Two days’ workshop is conducted by SISA. The main objective of this workshop is to give the participants adequate knowledgebase for successfully implementing PCI-DSS (latest version 3.2) requirements in an organization. Workshop is conducted by highly skilled trainer. Different case studies and real-life scenarios are discussed in training. Top 2 students are selected from each batch and are awarded SISA Champion and runner up trophy. They are selected based on number of token they have which is received against each good question asked and quality of answer answered. This is done to make class more interactive and avoid boredom.

Book is Provided. Book is exact replica of the Powerpoint document used for presentation.

CPISI Book provided by SISA

1. Once you have completed two days training provided by SISA, make sure that you have gone through the book provided by them.
2. Go through PCI Standard and “document Library section” available online at PCI official site. Click here to visit official site.
3. Watch YouTube videos which cover topics like PCI DSS 12 requirements, PCI Data Security, PTS requirements, PA-DSS Security and P2P encryption,
4. Read relationship between PCI and PA-DSS, P2PE, PCI PTS and PCI PIN.
5. Go through Wikipedia Page.
6. Go to This Link and search terms like weekly, monthly, daily, quarterly, yearly. You will get atleast 30% of questions from here. Link shared is PCI quick reference guide. 

Few of the questions that I remember are mentioned below:

-Few questions were related to Hashing, Encryption and truncations etc.

-Best way to protect data within network, Question asked was something like this: Whether server dealing in PCI DSS data should be within DMZ or outside? Don’t remember exact question

– Few questions related to firewall, IPSecVPN (Private connectivity) etc.

– One question was on multi factor authentication.

– CHD: What can be stored and what cannot be stored. (3-4 such questions were asked)

– Based on Mod 10 algo, verify which one is valid credit card number. You can use online validation tool for verifying this or can install this tool on your machine. I developed this tool in python after I have given CPISI exam.

– Important Date and duration questions like: minimum acceptable VA external scan tenure?

– True or false questions like: As per PCI DSS external scan policy, all vulnerabilities with High and Medium severity have to be remediated or not?

– Multiple choice questions like: Any new vulnerabilities identified should be addressed in how many days. Options: 30, 45, 60 or 90 days

-Firewall review should be done once in a year. True or False?

-Few compliance related questions like -What all details a Business Justification Document should include? Mandatory background check of employee as per PCI DSS employee screening, questions related to Scoping, Audit trail History retention period.

-As per PCI DSS, what is allowable duration for Change detection system to perform critical file comparison–> This was tricky as options were Daily, weekly, monthly and real time. Weekly is correct answer but i marked daily in exam.

– What kind of data is stored in Track1 and Track 2.

-Questions related to role of acquirer, issuer etc

Once you are done with exam, an automated email is received stating the result of exam.

Automated Email from SISA

Via Email I received Soft copy and logo after 10 days (approx)

CPISI Exam Completion email received along with Logo and PDF of certificate from Associate Training Manager

After 2 weeks, participants name appears in SISA website which can be accessed here. Website is also updated with group photograph of participants.

Passing Participants also receives hard copy of certificate which has SISA hologram on it. Usually SISA takes 1 month to send it to provided postal address.

CPISI Hard copy of certification with hologram

Benefits of CPISI Certification:

1. Participants will gain PCI DSS implementation knowledge which can help them implementing the same in their work environment.
2. Participants receives Certificate of Attendance from ISACA with 14 CPE stated on it. These 14 points can be used in certifications like CISA, CISSP and CEH.
   

   CPISI workshop certificate of attendance 14 CPE points for CISSP CISA CEH OSCP

3. Under CEP (Continuing Education Program), all CEH (Certified Ethical Hacker) can add extra 40 points against category Certification: “Examination related to IT security“.
4. Participants name appears on SISA website and successful candidates can download and use CPISI logo on their resume.
5. Hard copy as well as soft copy is provided.
6. Last but not the least, participants get chance to interact with like-minded people working in same security domain but different organization.

About Author:

Suman Tiwari is a Cyber Security Professional by Profession and photographer by passion.

His Linkedin profile can be visited here for more details.