Pci Knowledge Check v2 Questions and Answers
Methods for stealing payment card data
Includes physical skimming, malware and weak passwords.
The PCI DSS applies to:
Any entity that stores, processes, or transmitts payment card account data.
Previous
Play
Next
Rewind 10 seconds
...
methods for stealing payment card data includes ph
the pci dss applies to any entity that stores pr
Written for
Pci
Pci
Seller
Follow
Pogba119
Reviews received
Content preview
Pci Knowledge Check v2 Questions and
Answers
Methods for stealing payment card data - answer Includes physical skimming,
malware and weak passwords.
The PCI DSS applies to: - answer Any entity that stores, processes, or transmitts
payment card account data.
The P2PE standard covers: - answer Encryption, decryption, key management
requirements for point to point encryption solutions.
The standard for validating off-the-self payment applications used in authorization and
settlement - answer PA-DSS (Payment Application Data Security Standard) PA-DSS
is the standard used by PA-QSAs to validate payment applications.
Merchants using PA-DSS validated payment applications are automatically PCI DSS
compliant - answer False - Using PA-DSS validated applications is not the only
requirement for a merchant to become PCI DSS Compliant.
Which of the below functions is associated with acquirers? - answer Acquirers are
involved in authentication, clearing and settlement for their merchant.
Which of the following entities will ultimately approve a purchase? - answer The
issuer
In which step does the payment brand network provide complete recognition to the
merchant's bank. - answer During clearing, the processor provides complete
reconciliation to the merchant's bank.
A company that (blank) is considered to be a service to be a service provider. - answer
controls impact the security of cardholder data.
Which of the following are parts of the examples of service providers? - answer Data
Center Hosting Provides, Payment Gateways. and Independent Sales Organizations
(ISOs) or External Sales Agents (ESAs).
Which of the following are parts of the Payment Brand role? - answer Developing
and enforcing compliance programs, accepting validation documentation from approved
QSA, PA-QSA, and ASV companies and their employees, and endorsing QSA, PA-
QSA, and ASV company qualification criteria.
, Merchant obligation may include submitting their compliance status to multiple entities. -
answer True - Merchants may have to submit to multiple entities.
Level 1 and Level 2 merchants must include (blank) as part of their PCI DSS
compliance validation reporting process? - answer Quarterly external vulnerability
scans to be performed by an (ASV) Approved Scanning Vendor. Level 2 merchants
may use SAQ validate compliance.
SAQ D - answer Service provider using only web based virtual terminal
SAQ A - answer MO/TO merchant with all payment functions outsourced to a
compliant service provider
SAQ C - answer Merchant with standalone payment application connected to the
internet
SAQ B - answer Merchant with only card-present dial-out terminals.
SAQ P2PE - answer Merchant who is using a validated P2PE solution listed on the
PCI SSC Website
SAQ A-EP - answer An online merchant with a payment page that accepts
cardholder data, but transmits the data to a PCI DSS-compliant service provider
SAQ A - answer An online merchant that displays a PCI DSS compliant service
providers payment page IFRAME, All page content is from the PSP.
SAQ B-IP - answer Merchants using an end-to-end encryption solution (E2EE) that
utilizes PCI PTS-Approved POI devices with communicate with acquirer over an IP
Network.
Which of the following could PA-DSS apply to? - answer Third party - off-the-self
payment application - PA-DSS only applies to applications that store, process, or
transmits cardholder data for authorization or settlement, and are sold, licensed or
distributed off-the-self to third parties.
Use of Qualified Integrator/Reseller(QIR) : - answer A good step toward PCI DSS
compliance.
The presumption of P2PE is that: - answer Data cannot be decrypted between the
source and the destination point
Which entity is responsible for developing and enforcing compliance programs? -
answer Payment Brands.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Pogba119. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for £10.62. You're not tied to anything after your purchase.