AQSA Exam Questions With Correct And Revised Answers.
Malware - answer✔✔Criminals use malicious software to infiltrate a computer system and steal
payment data
Phishing - answer✔✔An attack that sends an email or displays a Web announcement that falsely
claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private
information
Remote Access - answer✔✔Criminals can gain access to systems that store, process, or transmit
payment data through weak remote access controls
Weak Password - answer✔✔A password that can easily be broken and compromises security.
Outdated Software - answer✔✔Criminals look for outdated software to exploit flaws in unpatched
systems
Online Skimming - answer✔✔Attacks that infect e-commerce websites with malicious code,
known as sniffers, and are very difficult to detect
Physical Skimming - answer✔✔Physical skimming is the method of collecting cardholder data
by attaching small hardware devices to Point of Sales Systems.
Importance of Securing Payment Account Data - answer✔✔- Cardholders may be liable for
unauthorized charges
- Merchants may face fines, legal fees, and damage to their reputations
- Negative impact on consumer trust and confidence
- Loss of revenue and market share
How Payment Security Protects the Industry - answer✔✔- Prevents Financial Losses
- Nurtures Customer Trust
- Maintains Reputation
Types of Data On a Payment Card - answer✔✔- Chip
- Card Verification Code
- Primary Account Number (PAN)
- Expiration Date
- Magnetic Stripe
- Signature Strip
- Card Verification Code
Account Data That May Be Stored After Authorization - answer✔✔- Primary Account Number
(PAN)
- Cardholder Name
- Expiration Date
- Service Code
Account Data That May NOT Be Stored After Authorization - answer✔✔- Full Track Data
- Card Verification Code
- PIN / PIN Block
Cardholder - answer✔✔Is the customer making a purchase from the merchant. This could be a
card-present or card-no-present transaction.
Merchant - answer✔✔Is the Organization accepting payment from the cardholder during a
purchase. The merchant sends payment transaction data to their acquirer
Acquirer - answer✔✔Sends payment transaction data through the payment network to the issuer
Payment Brand Network - answer✔✔Facilitates the payment transaction between the merchant's
acquirer and the issuer
Issuer - answer✔✔Issues the card to the cardholder. Each time the cardholder makes a purchase,
the issuer notifies the merchant's acquirer whether the transaction has been authorized or
declined
Third Party Service Providers - answer✔✔A company or organization directly involved in the
processing, storage, or transmission of payment account data on behalf of another entity
Process of Authorization - answer✔✔1. Cardholder
2. Merchant
3. Acquirer
4. Payment Brand Network
5. Issuer
Process of Clearing - answer✔✔1. Acquirer sends purchase information to the Payment Brand
Network
2. Payment Brand Network sends the information to the Issuer
3. Issuer confirms and Payment Brand Network sends completed transaction details back to the
acquirer
Process of Settlement - answer✔✔1. Issuer identifies the acquirer through the Payment Brand
Network
2. Issuer sends payment to the acquirer
3. The Acquirer pays the merchant the money
4. Issuer bills the cardholder
PCI SSC - answer✔✔PCI Security Standards Council
PCI Security Standards Council - answer✔✔This council is responsible for the development and
management of the Payment Card Industry Security Standards, most notably the PCI Data
Security Standard.
PCI DSS - answer✔✔PCI Data Security Standard
PCI Data Security Standard - answer✔✔Technical and operational requirements designed to
protect payment account data
- Needed for all entities that Store, Process, and Transmit Data
Principal PCI DSS Requirements - answer✔✔1. Install and maintain network security controls
2. Apply secure configurations to all system components
3. Protect stored account data
4. Protect cardholder data with strong cryptography during transmission over open, public
networks
5. Protect all systems and networks from malicious software
6. Develop and maintain secure systems and software
7. Restrict access to system components and cardholder data by business need to know
8. Identify users and authenticate access to system components
9. Restrict physical access to cardholder data
10. Log and monitor all access to system components and cardholder data