PCIP EXAM QUESTIONS AND ANSWERS

  • October 18, 2024
Greaterheights
PCI DSS Requirement 1 - Answers-Install and maintain a firewall configuration to
protect cardholder data

PCI DSS Requirement 2 - Answers-Do not use vendor supplied defaults for system
passwords and other security parameters

PCI DSS Requirement 3 - Answers-Protect stored cardholder data by enacting a formal
data retention policy and implement secure deletion methods

PCI DSS Requirement 4 - Answers-Protect cardholder data during transmission over
the internet, wireless networks or other open access networks or systems (GSM,
GPRS, etc.)

PCI DSS Requirement 5 - Answers-Use and regularly update anti-virus software or
programs

PCI DSS Requirement 6 - Answers-Develop and maintain secure systems and
applications

PCI DSS Requirement 7 - Answers-Restrict access to cardholder data by business
need to know

PCI DSS Requirement 8 - Answers-Assign a unique ID to each person with computer
access

PCI DSS Requirement 9 - Answers-Restrict physical access to cardholder data

PCI DSS Requirement 10 - Answers-Track and monitor all access to network resources
and cardholder data

PCI DSS Requirement 11 - Answers-Regularly test security systems and processes with
wireless scans, vulnerability scans, log audits, ASV (Approved Scanning Vendor)

PCI DSS Requirement 12 - Answers-Maintain a policy that addresses information
security for all personnel

ASV (Approved Scanning Vendor) - Answers-Company approved by the PCI SSC to
conduct external vulnerability scanning services.

PCI Data Security Standards (PCI DSS) - Answers-Covers the security of the
environments that store, process or transmit account data.

Environments receive account data from payment applications and other sources (e.g.
acquirers)

PCI Payment Application Data Security Standards
(PCI PA-DSS) - Answers-Covers secure payment applications to support PCI DSS
compliance.
Applies to Third Party payment applications if the application performs authorization
and/or settlement (POS, shopping carts, etc.)
Ensures a payment application can function in a PCI DSS compliant manner
PA-DSS applications are in scope for PCI DSS

Payment application receives account data from PIN Entry Devices (PED) or other
devices and begins payment transaction

PCI PIN Transaction Security (PCI PTS) - Answers-Covers device tamper detection,
cryptographic processes and other mechanisms to protect the Personal Identification
Number (PIN).

Encrypted PIN is passed to payment application or hardware terminal.

PCI-PTS - PIN Security - Answers-Covers secure management, processing and
transmission of personal identification number data during online and offline payment
card transaction processing

PCI-PTS - HSM (Hardware Security Module or Host Security Module) - Answers-A
physically and logically protected hardware device that provides a secure set of
cryptographic services, used for cryptographic key-management functions and/or the
decryption of account data. Not required by DSS, but may help with the management of
keys.

PCI Point to Point Encryption (PCI P2PE) - Answers-Covers encryption, decryption and
key management within secure cryptographic devices (SCD). Not a requirement but
may result in reduction of scope.

Secure Cryptographic Device (SCD) - Answers-A set of hardware, software and
firmware that implements cryptographic processes (including cryptographic algorithms
and key generation) and is contained within a defined cryptographic boundary.
Examples of secure cryptographic devices include host/hardware security modules
(HSMs) and point-of-interaction devices (POIs) that have been validated to PCI PTS.

POI - Point of Interaction - Answers-The initial point where data is read from a card. An
electronic transaction-acceptance product, a POI consists of hardware and software
and is hosted in acceptance equipment to enable a cardholder to perform a card
transaction. The POI may be attended or unattended. POI transactions are typically
integrated circuit (chip) and/or magnetic-stripe card-based payment transactions.

PCI Card Production - Answers-Covers physical and logical security requirements for
systems and business processes associated with card personalization, PIN generation,
PIN mailers, and card carriers and distribution.

CDE - Cardholder Data Environment - Answers-The people, processes and technology
that store, process, or transmit cardholder data or sensitive authentication data.

Relationship between PTS and PCI DSS - Answers-DSS prevents the storage of
encrypted PIN blocks. PTS supports the PIN encryption so there's no overlap.

Relationship between PCI DSS and PA-DSS - Answers-Payment applications must
support and not hinder PCI DSS compliance

PCI DSS requirements mirrored in many payment application requirements in PA-DSS

Relationship between PCI DSS and P2PE - Answers-Incorporates requirements from
PIN Transaction Security, PCI DSS, PA-DSS and PCI PIN to protect CHD from the point
of capture until it reaches the payment processor.

Properly implemented, validated P2PE solutions may help reduce the scope of a
merchant's PCI DSS assessment.

Payment Processor - Answers-Entity engaged by a merchant or other entity to handle
payment card transactions on their behalf. While they typically provide acquiring
services, payment processors are not considered acquirers unless defined as such by a
payment card brand.

CHD - Card Holder Data - Answers-At a minimum, cardholder data consists of the full
PAN. Cardholder data may also appear in the form of the full PAN plus any of the
following: cardholder name, expiration date and/or service code See Sensitive
