PCI DSS Compliance: Understanding Payment Card Industry Security Standards, Exams of Advanced Computer Programming

An overview of the Payment Card Industry Data Security Standard (PCI DSS), a set of security requirements designed to ensure the secure handling of cardholder data. It covers key topics such as the roles and responsibilities of different entities involved in payment card transactions, the flow of a payment card transaction, the importance of securing cardholder data, and the specific PCI DSS requirements that organizations must comply with. The document aims to educate readers on the fundamental aspects of PCI DSS, enabling them to better understand the security measures required to protect sensitive payment card information and maintain compliance with industry standards.

Typology: Exams

2024/2025

Available from 10/18/2024

Holygrams

PCIP Practice with verified Questions and Answers ; Certified Solutions/ latest update 2025 (graded A+)

Which of the below functions is associated with Acquirers?
A. Provide settlement services to a merchant
B. Provide authorization services to a merchant
C. Provide clearing services to a merchant
D. All of the options
✔✔Correct Answer: D

Which of the following entities will actually approve a purchase?
A. Non-Issuing Merchant Bank
B. Issuing Bank
C. Payment Transaction Gateway
D. Acquiring Bank
✔✔Correct Answer: B

Which of the following lists the correct "order" for the flow of a payment card transaction?
A. Clearing, Settlement, Authorization
B. Clearing, Authorization, Settlement
C. Authorization, Clearing, Settlement
D. Authorization, Settlement, Clearing
✔✔Correct Answer: C

Service Providers include companies which or could the security of cardholder data.

A. it is being stored by issuers
B. it is reported to the PCI SSC annually in a RoC
C. it is encrypted by the merchant storing it
D. it is hashed by the merchant storing it
✔✔Correct Answer: A

PCI DSS Requirement 3.4 states the PAN must be rendered unreadable when stored, using.
A. Encryption, Truncation, or Obfuscating
B. Hashing, Scrambling, or Encrypting
C. Encryption, Hashing, or Truncation
D. Truncation, Scrambling, or Encrypting
✔✔Correct Answer: C

Requirement 2.2.2 states "Enable only necessary and secure services, protocols, daemons, etc., as required for the function of the system". Which of the following is considered secure?
A. SSH
B. RLogon
C. Telnet
D. FTP
✔✔Correct Answer: A

When scoping an environment for a PCI DSS assessment, it is important to identify .
A. All flows of cardholder data

C. SAQ D
D. SAQ A
✔✔Correct Answer: D

Imprint-Only Merchants with no electronic storage of cardholder data would use which SAQ?
A. SAQ C/VT
B. SAQ B
C. SAQ A
D. SAQ D
✔✔Correct Answer: B

When a Service Provider has been defined by a payment brand as eligible to complete a SAQ, which SAQ is used?
A. SAQ D
B. SAQ B
C. SAQ A
D. SAQ C
✔✔Correct Answer: A

Information Supplements provided by the PCI SSC may "supersede" requirements.
A. True
B. False
✔✔Correct Answer: B

If virtualization technologies are used in a cardholder data environment, PCI DSS requirements apply to those
A. True
B. False
✔✔Correct Answer: A

In order to be considered a compensating control, which of the following must exist?
A. A legitimate technical constraint and a documented business constraint.
B. A legitimate technical constraint.
C. A legitimate technical constraint or a documented business constraint.
D. A documented business constraint.
✔✔Correct Answer: C

PCI DSS Requirement 1
A. Install and maintain a firewall configuration to protect cardholder data
B. Do not use vendor supplied defaults for system passwords and other security parameters
C. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods
D. Protect Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.)
✔✔Correct Answer: A

PCI DSS Requirement 2
A. Install and maintain a firewall configuration to protect cardholder data
B. Do not use vendor supplied defaults for system passwords and other security parameters

methods
D. Protect Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.)
✔✔Correct Answer: C

PCI DSS Requirement 4
A. Install and maintain a firewall configuration to protect cardholder data
B. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods
C. Protect Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.)
D. Use and regularly update anti-virus software or programs
✔✔Correct Answer: C

PCI DSS Requirement 5
A. Use and regularly update anti-virus software or programs
B. Protect Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.)
C. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods

C. Develop and maintain secure systems and applications
D. Use and regularly update anti-virus software or programs
✔✔