PCI QIR Module 2 In-Person Exam Questions and Answers
What is PA-DSS? - answer PA-DSS is a comprehensive set of requirements for payment applications, designed for payment application software vendors to facilitate their customers' PCI DSS compliance.
PA-DSS applies to third-party payment applications that store, process, or transmit cardholder data as part of authorization and/or settlement.
What is a Payment Application? - answer Applications that store, process, or transmit cardholder data as part of the authorization or settlement of payments are considered to be payment applications.
Examples of these include point of sale applications, shopping carts, and so on.
PA-DSS applies to third-party payment applications that perform authorization or ____ - answer Settlement
Which applications are exempt from a PA-DSS assessment? - answer Applications not related to authorization and settlement, but that handle payment card data for other purposes, for example, loyalty programs.
Who determines whether or not a payment application is required to undergo a PA-DSS
assessment? - answer The individual payment brands
___ must validate that the payment application is installed in accordance with the instructions in the PA-DSS Implementation Guide, and in a PCI DSS-compliant manner. - answer PCI DSS Assessor
During a PCI DSS assessment, the assessor should focus on _________ - answer Verifying that the validated payment application:
Is implemented into a PCI DSS compliant environment, and
Is implemented according to the PA-DSS Implementation Guide.
Who establishes and enforces their own compliance program for PA-DSS? - answer
Payment Brands
Define CDE - answer Cardholder Data Environment
What are the 14 PA-DSS requirements? - answer
1. Do not retain full track data, card validation codes or values, or PIN block data.
2. Protect stored cardholder data.
3. Provide secure authentication features.
4. Log Payment Application Activity.
5. Develop Secure Payment Applications.
6. Protect wireless transmissions.
7. Test Payment Applications to address vulnerabilities and maintain payment application updates.
8. Facilitate secure network implementation.
9. Ensure that cardholder data is never stored on a server connected to the Internet.
10. Facilitate secure remote access to payment application.
11. Encrypt sensitive traffic over public networks.
12. Secure all non-console administrative access.
13. Maintain a PA-DSS Implementation Guide for customers, resellers, and integrators.
14. Assign PA-DSS responsibilities for personnel, and maintain training programs for personnel, customers, resellers, and integrators.
Where is the summary of the content the application vendor is required to include in the
Implementation Guide? - answer Appendix A of the PA-DSS
During the application validation, who verifies that the instructions within the IG are
accurate, and that it contains the required information? - answer The PA-QSA
Who is required to comply with PCI DSS? - answer Any entity involved in payment card processing. This includes merchants, processors, acquirers, issuers, and service providers.
When do PCI DSS requirements apply? - answer Wherever account data is stored, processed, or transmitted.
The PCI DSS is based on six primary goals. These goals are: - answer
Build and Maintain a Secure Network and Systems
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
How many PCI DSS Requirements are designed to meet those six goals? - answer 12
What need does Requirement 1 of the PCI DSS address? - answer The need to install and maintain a firewall configuration to protect cardholder data.
Why are firewalls important? - answer They control the traffic allowed between an entity's networks and untrusted networks, as well as traffic into and out of sensitive areas such as the entity's cardholder data environment.