PCI ISA Study Guide 2024/25 Questions and Answers, Exams of Computer Security

Typology: Exams

2023/2024

Available from 11/20/2024

tizian-kylan

  1. SAQ-A: e-commerce or telephone order merchants; processing fully outsourced to a validated 3rd party. No processing, transmitting, or storing done by the merchant
  2. SAQ-B: merchants with imprint machines and/or merchants with only standalone dial-out terminals
  3. SAQ-B-IP: Same as SAQ-B, but the terminals are not dial-out; the terminals have an IP connection
  4. SAQ-C: Merchants with payment apps connected to the Internet but no CHD storage. Not available if doing e-commerce
  5. SAQ-C-VT: Merchants who only use virtual terminals from a validated 3rd party. Transactions are done one at a time. Not available if doing e-commerce
  6. SAQ-A-EP: Same as SAQ-A, but the web site could affect the security of the outsourced 3rd party solution.
  7. SAQ-D: Used by merchants not eligible for any other SAQ. Service providers must always use SAQ-D
  8. Where are firewalls required: Between the Internet and CHD, between the DMZ and the internal network, between wireless networks and CHD
  9. How often must firewall rules be reviewed: Every 6 months and after a significant environment change

  1. Non-console admin access must be: encrypted
  2. CHD can only be stored for how long?: based on the merchant's documented policy, based on business, regulatory, and legal requirements
  3. CHD that has exceeded its defined retention period must be deleted based on a process: quarterly
  4. When is it OK to store sensitive authentication data (SAD)?: temporarily, prior to authorization. Issuers can store SAD based on business need
  5. Sensitive Authentication Data: Full Track, Track 1, Track 2, CVV, PIN. Any equivalent from chip
  6. When masking a card number, what can be shown: first 6 and last 4
  7. Acceptable methods for making PAN unreadable: Hash, Truncation, Tokenized, strong key cryptography
  8. Secret/Private keys must be protected by what method(s): 1) key-encrypting key, stored separately; 2) Hardware Security Module (HSM); 3) two full-length key components (aka split knowledge)

  1. Account lockout duration: 30 minutes
  2. Lock or terminate sessions after this period of inactivity: 15 minutes
  3. Password minimum length: 7 characters
  4. Password complexity requirements: numeric and alpha characters. That's it
  5. Change password every: 90 days
  6. Password can't match the last passwords used: 4
  7. Maintain data center visitor logs for at least: 3 months
  8. Security logs must be reviewed how often?: Daily
  9. Audit trail logs must be retained for what period of time?: 1 year

  1. Audit logs must be immediately accessible if they are newer than?: the last 3 months
  2. Check for unauthorized WAPs at least: quarterly
  3. Vulnerability scans, both internal and external, must be done: quarterly and after significant change
  4. ASV: Authorized Scan Vendor - must use one of these for quarterly external scans
  5. Pen Test: Required annually. Different and more intense than a vulnerability scan. Required every 6 months for service providers
  6. File Integrity Monitoring (FIM) must be reviewed: Weekly
  7. PCI SSC's founding payment brands: AMEX, Visa, MasterCard, Discover, JCB
  8. PA-DSS: Payment Application - Digital Security Standard
  9. P2PE: Point-to-Point Encryption Standard
  10. PTS: PIN Transaction Security Standard
  11. POI: Point of Interaction Standard
  12. HSM: Hardware Security Module Standard
  13. PCI-DSS, PA-DSS, PTS, POI, HSM: Security standards published by the PCI SSC
  14. QIR: Qualified Integrator Reseller
  15. Who might install a payment application for a merchant: QIR - Qualified Integrator Reseller