SCIENCE QUESTIONS AND CORRECT
ANSWERS LATEST UPDATE
QIR Qualified Integrators & Resellers
Qualified Integrators & Resellers: authorized by the SSC to implement, configure and/or support PA-DSS payment applications. Visa requires that merchants at all four levels use QIRs for POS application and terminal installation and servicing.
Compensating Controls
An alternative control, put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time.
Permitted reasons for using Compensating Controls
Organizations needing an alternative to security requirements that could not be met due to legitimate technological OR documented business constraints (e.g. too expensive), but that have sufficiently mitigated the risk associated with the requirement through implementation of other compensating controls.
Examples of Compensating Controls
(i) Segregation of Duties (SOD) and (ii) Encryption
PCI Data Security Standard (PCI DSS)
The PCI DSS applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If you accept or process payment cards, PCI DSS applies to you.
Sensitive Authentication Data
Merchants, service providers, and other entities involved with payment card processing must never store sensitive authentication data after authorization. This includes the 3- or 4-digit security code printed on the front or back of a card (CVD), the data stored on a card's magnetic stripe or chip (also called "Full Track Data"), and personal identification numbers (PIN) entered by the cardholder.
Card Verification Data Codes (CVD)
3- or 4-digit code that further authenticates the cardholder in a card-not-present transaction
Visa: CVV2
MC: CVC2
Discover: CVD
JCB: CAV2
AmEx: CID
Requirement 1
Install and maintain a firewall configuration to protect cardholder data
Network devices in scope for Requirement 1
Firewalls and Routers: routers connect traffic between networks; firewalls control the traffic between networks and within the internal network.
Requires review of firewall and router configuration rule sets at least every 6 months.
Compensating Controls must:
1) Meet the intent and rigor of the original stated requirement;
2) Provide a similar level of defense as the original stated requirement;