Questions asked in CPISI Exam
Suman Tiwari
Cloud and Application Security Architect Stamp 4 CISA | ISO27001 LA | CEH | CPISI | Certified ScrumMaster(CSM)
If you are going to take the CPISI (Certified Payment Card Industry Security Implementer, Version 3.2) exam conducted by SISA and are wondering what kind of questions are asked, then this article will help you.
Exam type: online, multiple-choice questions
Duration: 1 hour
Number of questions: 50
Passing mark: 60%
After the workshop, all participants receive a link to the CPISI certification exam. It can be accessed from any network and remains active for 5 days from the last day of the workshop.
Kindly note: you cannot go back and correct your answers.
This certification is ideal for Infosec Managers, CISOs, CTOs, Security Analysts, Security Consultants, Compliance Managers, Payment Specialists, Risk Managers, Quality Consultants, IT Operations, Merchants, Acquirers and Bankers.
Workshop fee: varies from person to person. Students are charged less, ISACA members are charged a little more than students, and non-ISACA members are charged the full amount. I participated in Pune, India, and at that time the prices were as follows:
Students: Indian rupees 12000/-
ISACA Members: Indian rupees 14000/-
Non-ISACA Members: Indian rupees 16500/-
It includes GST (applicable only for workshops held in India), the two-day workshop/training, tea, lunch, study materials and the certification fee.
As I am a member of ISACA, I paid only INR 14000.
The two-day workshop is conducted by SISA. Its main objective is to give participants an adequate knowledge base for successfully implementing the PCI DSS (latest version 3.2) requirements in an organization. The workshop is conducted by a highly skilled trainer, and different case studies and real-life scenarios are discussed during the training. The top 2 students from each batch are awarded the SISA Champion and runner-up trophies. They are selected based on the number of tokens they hold; a token is received for each good question asked and each good answer given. This is done to make the class more interactive and avoid boredom.
A book is provided. It is an exact replica of the PowerPoint deck used for the presentation.
- Once you have completed the two-day training provided by SISA, make sure that you have gone through the book provided by them.
- Go through the PCI standard and the “Document Library” section available online at the official PCI site.
- Watch YouTube videos covering topics like the PCI DSS 12 requirements, PCI data security, PTS requirements, PA-DSS security and P2P encryption.
- Read about the relationship between PCI DSS and PA-DSS, P2PE, PCI PTS and PCI PIN.
- Go through the Wikipedia page.
A few of the questions that I remember are:
- A few questions were related to hashing, encryption, truncation, etc.
- Best way to protect data within the network. The question asked was something like this: should a server handling PCI DSS data be within the DMZ or outside it? I don’t remember the exact question.
- A few questions related to firewalls.
- One question was on multi-factor authentication.
- CHD: what can be stored and what cannot be stored (3-4 such questions were asked).
- Based on the Mod 10 algorithm, verify which one is a valid credit card number. You can use an online validation tool to verify this or install such a tool on your machine. I developed this tool in Python after I had taken the CPISI exam.
- Important date and duration questions, e.g.: what is the minimum acceptable interval for external VA scans?
- True or false questions, e.g.: as per the PCI DSS external scan policy, do all vulnerabilities with High and Medium severity have to be remediated?
- Multiple-choice questions, e.g.: any new vulnerabilities identified should be addressed within how many days? Options: 30, 45, 60 or 90 days.
- A firewall review should be done once a year. True or false?
- A few compliance-related questions.
- What kind of data is stored in Track 1 and Track 2?
- Questions related to the roles of acquirer, issuer, etc.
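As an added example (my own illustration, not the author's tool), here is the Mod 10 (Luhn) check that the card-number question relies on, together with the two PAN-protection operations that the hashing/truncation and CHD-storage questions turn on: display masking (PCI DSS 3.2 Req 3.3, at most first six and last four digits visible) and a keyed one-way hash of the full PAN (one of the Req 3.4 methods for rendering a stored PAN unreadable). The PANs used below are standard public test numbers, not real cards, and the HMAC key is a constructed placeholder.

```python
import hashlib
import hmac


def _digits(pan: str) -> str:
    """Strip the spaces and dashes people type between PAN groups."""
    return pan.replace(" ", "").replace("-", "")


def luhn_valid(pan: str) -> bool:
    """Mod 10 (Luhn) check: True only for a well-formed PAN whose check digit matches."""
    digits = _digits(pan)
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False  # PANs are 13-19 digits; anything else cannot be valid
    total = 0
    # Walk from the rightmost digit and double every second digit.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9  # equivalent to adding the two digits of the product
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display masking per Req 3.3: keep at most first six and last four, star the rest."""
    digits = _digits(pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def hash_pan(pan: str, key: bytes) -> str:
    """Keyed one-way hash (HMAC-SHA256) of the entire PAN for storage lookups.

    The PAN space within a BIN range is small, so an unkeyed hash is cheap to
    enumerate; a secret key (kept out of the CDE database) removes that risk.
    """
    return hmac.new(key, _digits(pan).encode(), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    # Public test numbers (Visa and Amex), plus one with a wrong check digit.
    for candidate in ("4111 1111 1111 1111", "378282246310005", "4111111111111112"):
        print(candidate, "valid" if luhn_valid(candidate) else "invalid", mask_pan(candidate))
```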
Once you are done with the exam, an automated email is received stating the result.
Via email I received the soft copy and logo after 14 days (approx.).
After 2 weeks, the participant's name appears on the SISA website, which is also updated with a group photograph of the participants.
Passing participants also receive a hard copy of the certificate, which has a SISA hologram on it. SISA usually takes 1 month to send it to the postal address provided.
Benefits of CPISI Certification:
1. Participants gain PCI DSS implementation knowledge, which can help them implement the standard in their own work environment.
2. Participants receive a Certificate of Attendance from ISACA with 14 CPEs stated on it. These 14 points can be used for certifications like CISA, CISSP and CEH.
3. An extra 40 points can be added by all CEH certification holders under the CEP (Continuing Education Program).
4. Participants' names appear on the SISA website, and successful candidates can download and use the CPISI logo on their resume.
5. A hard copy as well as a soft copy of the certificate is provided.
6. Last but not least, participants get a chance to interact with like-minded people working in the same security domain but in different organizations.
About the author:
Suman Tiwari is a cyber security professional by profession and a photographer by passion. He also maintains a blog.
Software Professional & Architect | Building Scalable Solutions | AI Enthusiast | ex bKash, Upay
3 years ago: Thanks a lot for sharing
Activity looking for opportunity | SIEM | SOC | ECSA | CEH | Threat intelligence | cloud security | Cybersecurity analyst |
7 years ago: CNGT BRO
Information Security Manager at Siddhartha Bank Limited
7 years ago: Congratulations!!!
Senior Associate - Technology at Sapient
7 years ago: Congrats :)
Research Enthusiast
7 years ago: Many congratulations