PCI Practice Questions With Verified Answers
When confirming PCI-DSS requirements have been met, the assessors must always use which of the following?
- Previous reports on compliance (ROCs)
- Independent judgment
- Hard-copy documents
- Live testing
ANSWER: Independent judgment

Strong encryption of cardholder data is required during transmission over which of the following?
- Web servers in the DMZ and databases in an internal segment
- Any connection between hosts in the CDE
- Call center applications and databases
- 4G connections from mobile terminal to the acquirer
ANSWER: 4G connections from mobile terminal to the acquirer

If network segmentation is being used to reduce the scope of the PCI-DSS assessment, what must the assessor verify?
- All controls used for segmentation are configured properly
- The payment card brands have approved the segmentation
- The segmentation solution is one of the PCI SSC's approved segmentation solutions
- The segmentation is controlled by a firewall
ANSWER: All controls used for segmentation are configured properly

Which of the following statements is true concerning transaction volumes of merchants?
- Transaction volume is based on the total number of combined transactions from all payment card brands
- Transaction volume is determined by each acquirer
- If transactions are split between two different acquirers, the merchant level is determined by halving the transaction volume for each payment card brand
- If the transactions for different payment card brands are handled by the same acquirer, the merchant level is determined by the total combined transaction volume of the acquirer
ANSWER: Transaction volume is determined by each acquirer

Which of the following is true related to use of EMV chip technology?
- PCI-DSS does not apply to environments using EMV chip technology
- PCI-DSS applies to environments using EMV chip technology
- EMV chip technology increases the risk of fraudulent transactions in card-present environments
- Merchants are permitted to store the track equivalent data from the EMV chip after authorization
ANSWER: PCI-DSS applies to environments using EMV chip technology

Which of the following statements is true regarding card verification values/codes (CAV2/CVC2/CVV2/CID)?
- They are sensitive authentication data (SAD), and must not be stored after authorization, even if encrypted
- They are cardholder data and may be stored after authorization if encrypted with strong cryptography
- They are required for each recurring card-not-present transaction
- They are required for each recurring card-present transaction
ANSWER: They are sensitive authentication data (SAD), and must not be stored after authorization, even if encrypted
Written for
- Institution: PCI ISA
- Course: PCI ISA
Document information
- Uploaded on: October 22, 2023
- Number of pages: 14
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers
Subjects
- pci
- pci practice questions with verified answers