AAA - answer Acronym for "authentication, authorization, and accounting." Protocol for
authenticating a user based on their verifiable identity, authorizing a user based on their
user rights, and accounting for a user's consumption of network resources
Access Control - answer Mechanisms that limit availability of information or information-
processing resources only to authorized persons or applications
Account Data - answer consists of cardholder data and/or sensitive authentication data
Acquirer - answer Also referred to as "merchant bank," "acquiring bank," or "acquiring
financial institution". Entity, typically a financial institution, that processes payment card
transactions for merchants and is defined by a payment brand as an acquirer. Acquirers
are subject to payment brand rules and procedures regarding merchant compliance
Administrative Access - answer Elevated or increased privileges granted to an account
in order for that account to manage systems, networks and/or applications.
Adware - answer Type of malicious software that, when installed, forces a computer to
automatically display or download advertisements
AES - answer Abbreviation for "Advanced Encryption Standard." Block cipher used in
symmetric cryptography adopted by NIST in November 2001
ANSI - answer Acronym for "American National Standards Institute." Private, non-profit
organization that administers and coordinates the US voluntary standardization and
conformity assessment system
Anti-Virus - answer Program or software capable of detecting, removing, and protecting
against various forms of malicious software including viruses, worms, Trojans
AOC - answer Acronym for "attestation of compliance". The AOC is a form for merchants
and service providers to attest to the results of a PCI DSS assessment, as documented
in the Self-Assessment Questionnaire or Report on Compliance
AOV - answer Acronym for "attestation of validation". The AOV is a form for PA-QSAs to
attest to the results of a PA-DSS assessment, as documented in the PA-DSS Report
on Validation.
Application - answer Includes all purchased and custom software programs or groups of
programs, including both internal and external applications.
ASV - answer Acronym for "Approved Scanning Vendor". Company approved by the PCI
SSC to conduct external vulnerability scanning services.
Audit Log - answer Also referred to as audit trail. Chronological record of system
activities. Provides an independently verifiable trail sufficient to permit reconstruction,
review, and examination of sequence of environments and activities surrounding or
leading to operation, procedure, or event in a transaction from inception to final results.
Authentication - answer Process of verifying identity of an individual, device, or process.
Authentication Credentials - answer Combination of the user ID or account ID plus the
authentication factors used to authenticate an individual, device, or process
Authorization - answer In the context of access controls, authorization is the granting of
access or other rights to a user, program, or process.
In the context of a payment card transaction, authorization occurs when a merchant
receives transaction approval after the acquirer validates the transaction with the
issuer/processor.
Backup - answer A copy of data that is made in case the original data is lost or
damaged. The backup can be used to restore the original data.
BAU - answer An acronym for "business as usual".
Bluetooth - answer _____ is a wireless protocol designed for transmitting data over short
distances, replacing cables.
Buffer Overflow - answer This attack occurs when an attacker leverages a vulnerability
in an application, causing data to be written to a memory area (that is, a buffer) that's
being used by a different application.
Card Skimmer - answer A physical device, often attached to a legitimate card-reading
device, designed to illegitimately capture and/or store the information from a payment
card.
Compensating Controls - answer May be considered when an entity cannot meet a
requirement explicitly as stated, due to legitimate technical or documented business
constraints, but has sufficiently mitigated the risk associated with the requirement
through implementation of other controls.
Cross-Site Scripting (XSS) - answer Vulnerability that is created from insecure coding
techniques, resulting in improper input validation.
Egress Filtering - answer Method of filtering outbound network traffic such that only
explicitly allowed traffic is permitted to leave the network.