100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
AQSA Certification questions with correct answers $14.49   Add to cart

Exam (elaborations)

AQSA Certification questions with correct answers

 4 views  0 purchase
  • Course
  • AQSA
  • Institution
  • AQSA

AQSA Certification questions with correct answers

Preview 3 out of 16  pages

  • August 20, 2024
  • 16
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • AQSA
  • AQSA
avatar-seller
Schoolplug
AQSA Certification questions with
correct answers

PCI SSC - ANSWER: ➡ is an independent industry standards body providing oversights of the
k k k kk k k k k k k k k k k




development and management of Payment Card Industry Data Security Standards on a global basis.
k k k k k k k k k k k k k k




What are the founding payment brands? - ANSWER: ➡ American express, Discover, JCB, Mastercard,
k k k k k k k kk k k k k k




and VISA
k k




What define the merchant levels? - ANSWER: ➡ defined by the payment brands, based on transaction
k k k k k k kk k k k k k k k k




volume. Transaction volume determined by the acquirer)
k k k k k k k




What define the service provider levels? - ANSWER: ➡ Defined by the payment brands according to
k k k k k k k kk k k k k k k k




transaction volume and/or type of service provider. Determined by the payment brans or acquirer, or
k k k k k k k k k k k k k k k




sometimes the service provider.
k k k k




SAQ-A - ANSWER: ➡ Card-not-present merchants (e-commerce or mail/telephone-order) that have
k k kk k k k k k k k




fully outsourced all cardholder data functions to PCI DSS validated third-part service providers, with
k k k k k k k k k k k k k k




no electronic storage, processing, or transmission of any cardholder data on the merchant's systems or
k k k k k k k k k k k k k k k




premises.
k




SAQ A-EP - ANSWER: ➡ E-commerce merchants who outsource all payment processing to PCI DSS
k k k kk k k k k k k k k k k




validated third parties, and who have a website(s) that doesn't directly receive cardholder data but
k k k k k k k k k k k k k k k




that can impact the security of the payment transaction. No electronic storage, processing, or
k k k k k k k k k k k k k k




transmission of any cardholder data on the merchant's systems or premises.
k k k k k k k k k k k




SAQ-B - ANSWER: ➡ Merchants using only:
k k kk k k k




- Imprint machines with no electronic cardholder data storage; and/or
k k k k k k k k k




- Standalone, dial-out terminals with no electronic cardholder data storage.
k k k k k k k k k




SAQ-B-IP - ANSWER: ➡ Merchants using only stand-alone, PTS-approved payment terminals with an
k k kk k k k k k k k k k




IP connection to the payment processor, with no electronic cardholder data storage.
k k k k k k k k k k k k

,Not applicable to e-commerce channels.
k k k k




SAQ C-VT - ANSWER: ➡ is for merchants using only web-based virtual payment terminals, where
k k k kk k k k k k k k k k k




cardholder data is manually entered into a secure website from a single system.
k k k k k k k k k k k k k




SAQ-C - ANSWER: ➡ is for merchants with dedicated payment application systems segmented from all
k k kk k k k k k k k k k k k




other systems, and connected to the Internet for the purposes of transaction processing. SAQ C is not
k k k k k k k k k k k k k k k k k




applicable to e-commerce payment channels. A merchant only accepts payments via the telephone and
k k k k k k k k k k k k k k




they enter the cardholder data directly into a webpage provided by their acquirer.
k k k k k k k k k k k k k




PCI DSS - ANSWER: ➡ covers security of the environments that store, process, or transmit account
k k k kk k k k k k k k k k k k




data. The scope of PCI DSS covers environments receiving account data from payment applications
k k k k k k k k k k k k k k




and other sources—acquirers, for example.
k k k k k




PCI PA-DSS - ANSWER: ➡ covers secure payment applications to support PCI DSS compliance. The
k k k kk k k k k k k k k k k




scope of PA-DSS addresses when a payment application receives account data from cardholder-
k k k k k k k k k k k k k




interface devices such as point-of sale-terminals or other devices and begins the payment transaction.
k k k k k k k k k k k k k




PCI P2PE (Point-to-Point Encryption) - ANSWER: ➡ covers secure encryption, decryption, and key
k k k k k kk k k k k k k




management for point-to-point encryption solutions. Requirements for a P2PE solution will vary
k k k k k k k k k k k k




depending on the deployment environment and the technologies used for a specific implementation.
k k k k k k k k k k k k k




PCI PTS (PIN Transaction Security) POI - ANSWER: ➡ covers device tamper detection, cryptographic
k k k k k k k kk k k k k k




processes, and other mechanisms used to protect the PIN and other sensitive data, such as
k k k k k k k k k k k k k k k




cryptographic keys. The PTS set of requirements addresses how cardholder PINs are protected at
k k k k k k k k k k k k k k




cardholder-interface devices such as point-of-sale terminals, as well as hardware security modules
k k k k k k k k k k k k




that are used for payment processing and cardholder authentication applications and processes.
k k k k k k k k k k k k




PCI PIN Security - ANSWER: ➡ covers secure management, processing, and transmission of personal
k k k k kk k k k k k k k k




identification number (PIN) data during online and offline payment card transaction processing.
k k k k k k k k k k k k




PCI PTS HSM standard - ANSWER: ➡ covers the design of hardware security modules and for securely
k k k k k kk k k k k k k k k k k




protecting those devices until they are deployed.
k k k k k k k

, Card Production standards - ANSWER: ➡ establish minimum security levels for card vendors involved
k k k k kk k k k k k k k k




in payment card manufacturing, card personalization, pre-personalization, chip embedding, data
k k k k k k k k k k




preparation , and fulfillment.
k k k k




Discover Compliance Program is called ______________. - ANSWER: ➡ Information Security Compliance
k k k k k k k kk k k k




JCB Compliance Program is called ______________. - ANSWER: ➡ Data Security Program
k k k k k k k kk k k k




MasterCard Compliance Program is called ______________. - ANSWER: ➡ Site Data Protection
k k k k k k k kk k k k




Visa Inc. Compliance Program is called ______________. - ANSWER: ➡ Information Security Program
k k k k k k k k kk k k k




Visa Europe Compliance Program is called ______________. - ANSWER: ➡ Account Information Security
k k k k k k k k kk k k k




Program.
k




The key thing to understand for payment brand compliance programs is _________. - ANSWER: ➡ that
k k k k k k k k k k k k k kk k




they handle PCI DSS compliance tracking, enforcement, and any penalties or fees that might be
k k k k k k k k k k k k k k k




assigned. In addition, payment brands are responsible for forensic response and investigation of
k k k k k k k k k k k k k




account data compromises.
k k k




What are the Payment Brand Roles? - ANSWER: ➡ Develop and enforce compliance
k k k k k k k kk k k k k




programs/Endorse QSA, PA-QSA and ASV company qualification criteria/ Accept validation
k k k k k k k k k k




documentation from QSAs, PA-QSAs, and ASVs.
k k k k k k




Merchant will generally report to their __________ where service providers will report to the ____________. -
k k k k k k k k k k k k k k k




ANSWER: ➡ acquirer/ payment brands.
k kk k k k




self-assessment questionnaire - ANSWER: ➡ often referred to as the SAQ which is a validation tool for k k k kk k k k k k k k k k k k k




merchants and service providers self-evaluating their compliance with PCI DSS. It is a validation tool
k k k k k k k k k k k k k k k




for entities that are not required to submit a Report on Compliance as part of an onsite assessment.
k k k k k k k k k k k k k k k k k k




SAQ D - ANSWER: ➡ is for all other SAQ-eligible merchants that do not fall into any of the other SAQ
k k k kk k k k k k k k k k k k k k k k k




categories, and for any service providers defined by a payment brand as eligible to complete the SAQ.
k k k k k k k k k k k k k k k k k

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Schoolplug. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $14.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

81113 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$14.49
  • (0)
  Add to cart