









An overview of the Payment Card Industry Data Security Standard (PCI DSS), a set of security requirements designed to ensure the secure handling of cardholder data. It covers key topics such as the roles and responsibilities of different entities involved in payment card transactions, the flow of a payment card transaction, the importance of securing cardholder data, and the specific PCI DSS requirements that organizations must comply with. The document aims to educate readers on the fundamental aspects of PCI DSS, enabling them to better understand the security measures required to protect sensitive payment card information and maintain compliance with industry standards.
Typology: Exams
Which of the below functions is associated with Acquirers?
A. Provide settlement services to a merchant
B. Provide authorization services to a merchant
C. Provide clearing services to a merchant
D. All of the options
✔✔Correct Answer: D

Which of the following entities will actually approve a purchase?
A. Non-Issuing Merchant Bank
B. Issuing Bank
C. Payment Transaction Gateway
D. Acquiring Bank
✔✔Correct Answer: B

Which of the following lists the correct "order" for the flow of a payment card transaction?
A. Clearing, Settlement, Authorization
B. Clearing, Authorization, Settlement
C. Authorization, Clearing, Settlement
D. Authorization, Settlement, Clearing
✔✔Correct Answer: C

Service Providers include companies which or could the security of cardholder data.
A. it is being stored by issuers
B. it is reported to the PCI SSC annually in a RoC
C. it is encrypted by the merchant storing it
D. it is hashed by the merchant storing it
✔✔Correct Answer: A

PCI DSS Requirement 3.4 states the PAN must be rendered unreadable when stored, using.
A. Encryption, Truncation, or Obfuscating
B. Hashing, Scrambling, or Encrypting
C. Encryption, Hashing, or Truncation
D. Truncation, Scrambling, or Encrypting
✔✔Correct Answer: C

Requirement 2.2.2 states "Enable only necessary and secure services, protocols, daemons, etc., as required for the function of the system". Which of the following is considered secure?
A. SSH
B. RLogon
C. Telnet
D. FTP
✔✔Correct Answer: A

When scoping an environment for a PCI DSS assessment, it is important to identify .
A. All flows of cardholder data
D. SAQ A
✔✔Correct Answer: D

Imprint-Only Merchants with no electronic storage of cardholder data would use which SAQ?
A. SAQ C/VT
B. SAQ B
C. SAQ A
D. SAQ D
✔✔Correct Answer: B

When a Service Provider has been defined by a payment brand as eligible to complete a SAQ, which SAQ is used?
D. SAQ C
✔✔Correct Answer: A

Information Supplements provided by the PCI SSC may "supersede" requirements.
A. True
B. False
✔✔Correct Answer: B

If virtualization technologies are used in a cardholder data environment, PCI DSS requirements apply to those
A. True
B. False
✔✔Correct Answer: A

In order to be considered a compensating control, which of the following must exist?
A. A legitimate technical constraint and a documented business constraint.
B. A legitimate technical constraint.
C. A legitimate technical constraint or a documented business constraint.
D. A documented business constraint.
✔✔Correct Answer: C

PCI DSS Requirement 1
A. Install and maintain a firewall configuration to protect cardholder data
B. Do not use vendor supplied defaults for system passwords and other security parameters
C. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods
D. Protect Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.)
✔✔Correct Answer: A

PCI DSS Requirement 2
A. Install and maintain a firewall configuration to protect cardholder data
B. Do not use vendor supplied defaults for system passwords and other security parameters
methods
D. Protect Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.)
✔✔Correct Answer: C

PCI DSS Requirement 4
A. Install and maintain a firewall configuration to protect cardholder data
B. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods
C. Protect Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.)
D. Use and regularly update anti-virus software or programs
✔✔Correct Answer: C

PCI DSS Requirement 5
A. Use and regularly update anti-virus software or programs
B. Protect Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.)
C. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods
C. Develop and maintain secure systems and applications
D. Use and regularly update anti-virus software or programs
✔✔