Answers |Latest Version |Already Graded A+
The payment card brands are responsible for: ✔Correct Answer-penalty or fee assignment for non-compliance
Authorization of a transaction usually takes place: ✔Correct Answer-within one day
If a suspected card account number passes the Mod 10 test it means: ✔Correct Answer-it is definitely a valid PAN
Which of the following is true regarding network segmentation? ✔Correct Answer-Network segmentation is not a PCI DSS requirement
Which of the following is true related to the tracks of data on the magnetic stripe of a payment card? ✔Correct Answer-Track 1 contains all the fields of both track 1 and track 2
How often should the firewall and router rule sets be reviewed? ✔Correct Answer-Every six months
Which of the following statements is true concerning transaction volumes for merchants? ✔Correct Answer-Transaction volume is determined by each acquirer
Storing full track data after authorization is permitted under the following circumstances: ✔Correct Answer-NEVER
In order to reduce PCI DSS scope, adequate network segmentation should: ✔Correct Answer-isolate systems that store, process, or transmit cardholder data from those that do not
Systems that commonly store track data: ✔Correct Answer-POS systems
Which of the following is true regarding an entity sharing cardholder data with a service provider? ✔Correct Answer-The entity must have an established process for engaging service providers, including proper due diligence prior to engagement.
When must critical new security patches be installed? ✔Correct Answer-Within one month of release
Which of the following statements is true? ✔Correct Answer-PA-DSS compliant payment applications are in scope for a merchant's PCI DSS assessment
In accordance with PCI DSS Requirement 1, firewalls are required: ✔Correct Answer-between the cardholder environment and other internal networks
Which party is responsible for merchant compliance validation and merchant communications? ✔Correct Answer-Acquirer
The Mod 10 formula doubles the value of alternate digits of the primary account number beginning with which digit? ✔Correct Answer-Second from the left
Strong access control lists include the following: ✔Correct Answer-Do not allow "risky" protocols such as FTP or Telnet.
Which of the following is true? ✔Correct Answer-A PA-DSS application installed by a QIR must still be reviewed during the PCI DSS assessment.
PCI SSC Community Meetings: ✔Correct Answer-provide opportunity for PCI stakeholders to provide suggestions for changes and improvements.
Which of the following is true regarding Track data: ✔Correct Answer-Track 1 contains all Track 2 data and additional fields for use by the card issuer
Which of the following statements is true? ✔Correct Answer-All systems on a "flat network" are in scope for the PCI DSS assessment.
Assessors must always use ____ to determine whether PCI DSS requirements have been met. ✔Correct Answer-independent judgment
If a merchant is using a validated P2PE solution: ✔Correct Answer-the merchant is responsible for ensuring their own PCI DSS compliance
If an assessor wishes to use sampling during a PCI DSS assessment of a merchant environment, the assessor must ensure: ✔Correct Answer-the sample selection is representative of all types of system components in the environment.
Which of the following merchant environments could be eligible for SAQ B? ✔Correct Answer-Merchant with standalone dial-out terminals, and no electronic cardholder data storage
A service provider with no electronic cardholder data storage may be eligible to complete: ✔Correct Answer-SAQ D
It is permissible to store track data only if: ✔Correct Answer-An issuer has a business reason
Typically, these accounts have elevated or increased privileges with more rights than a standard user account: ✔Correct Answer-Privileged User
A common error in scoping a PCI DSS assessment includes: ✔Correct Answer-Assuming encrypted data is out-of-scope
The assessment kickoff phase should include: ✔Correct Answer-Planning, PCI Updates, Approach review, Key Dates, Key Roles and Responsibilities, Project Governance
This SAQ should be used for Merchants with Payment Application Systems Connected to the Internet - No Electronic Cardholder Data Storage: ✔Correct Answer-SAQ C
The purpose of the Data Flow Diagram is for: ✔Correct Answer-Unique diagram that specifically describes the flow of card data elements through the system
A compensating control is used when: ✔Correct Answer-An entity cannot meet a requirement explicitly as stated