Exam (elaborations)
PCI Knowledge Check Questions and Answers 100% Solved
- Course
- Institution
Exam of 6 pages for the course pci at pci (PCI Knowledge Check)
[Show more]
Content preview
PCI Knowledge CheckMethods for stealing payment card data - answer Methods for stealing payment card
data include physical skimming, malware and weak passwords.
The PCI DSS applies to: - answer The PCI DSS applies to any entity that stores,
processes, or transmits payment card account data.
The P2PE standard covers: - answer The P2PE Standard covers encryption,
decryption, key management requirements for point-to-point encryption solutions.
The standard for validating off-the-self payment applications used in authorization and
settlement - answer-DSS (Payment Application Data Security Standard) PA-DSS is the
standard used by PA-QSAs to validate payment applications.
Merchants using PA-DSS validated payment applications are automatically PCI DSS
compliant - answer False - Using PA-DSS validated applications is not the only
requirement for a merchant to become PCI DSS Compliant.
Which of the below functions is associated with acquirers? - answerAcquirers are
involved in authentication, clearing and statement for their merchant.
Which of the following entities will ultimately approve a purchase? - answerThe issuer
ultimately approves the purchase
In which step does the payment brand network provide complete recognition to the
merchant's bank. - answerDuring clearing, the processor provides complete
reconciliation to the merchant's bank.
A company that (blank) is considered to be a service to be a service provider. - answerA
company that controls impact the security of cardholder data is considered to be a
service provider.
Which of the following are parts of the examples of service providers? - answerData
Center Hosting Provides, Payment Gateways. and Independent Sales Organizations
(ISOs) or External Sales Agents (ESAs) are examples of Service Providers.
Which of the following are parts of the Payment Brand role? - answerThe role played by
the Payment Brands include developing and enforcing compliance programs, accepting
validation documentation from approved QSA, PA-QSA, and ASV companies and their
employees, and endorsing QSA, PA-QSA, and ASV company qualification criteria.
, Merchant obligation may include submitting their compliance status to multiple entities. -
answerTrue - Merchants may have to submit to multiple entities.
Level 1 and Level 2 merchants must include (blank) as part of their PCI DSS
compliance validation reporting process? - answerLevel 1 and Level 2 merchants need
quarterly external vulnerability scans to be performed by an ASV. Level 2 merchants
may use SAQ validate compliance.
SAQ D - answerService provider using only web based virtual terminal
SAQ A - answerMO/TO merchant with all payment functions outsourced to a compliant
service provider
SAQ C - answerMerchant with standalone payment application connected to the
internet
SAQ B - answerMerchant with only card-present dial-out terminals.
SAQ P2PE - answerMerchant who is using a validated P2PE solution listed on the PCI
SSC Website
SAQ A-EP - answerAn online merchant with a payment page that accepts cardholder
data, but transmits the data to a PCI DSS-compliant service provider
SAQ A - answerAn online merchant that displays a PCI DSS compliant service
providers payment page IFRAME, All page content is from the PSP.
SAQ B-IP - answerMerchants using an end-to-end encryption solution (E2EE) that
utilizes PCI PTS-Approved POI devices with communicate with acquirer over an IP
Network.
Which of the following could PA-DSS apply to? - answerThird party - off-the-self
payment application - PA-DSS only applies to applications that store, process, or
transmits cardholder data for authorization or settlement, and are sold, licensed or
distributed off-the-self to third parties.
Use of Qualified Integrator/Reseller(QIR) : - answerUse of Qualified
Integrator/Reseller(QIR) is a good step toward PCI DSS compliance.
The presumption of P2PE is that: - answerThe presumption of P2PE is that data cannot
be decrypted between the source and the destination point
Which entity is responsible for developing and enforcing compliance programs? -
answerPayment Brands are responsible for enforcing compliance.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller jw638729. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
78252 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now