The payment card brands are responsible for: correct answer: penalty or fee assignment for non-compliance
Authorization of a transaction usually takes place: correct answer: within one day
If a suspected card account number passes the Mod 10 test it means: correct answer: it is definitely a valid PAN
Which of the following is true regarding network segmentation? correct answer: Network segmentation is not a PCI DSS requirement
Which of the following is true related to the tracks of data on the magnetic stripe of a payment card? correct answer: Track 1 contains all the fields of both track 1 and track 2
How often should the firewall and router rule sets be reviewed? correct answer: Every six months
Which of the following statements is true concerning transaction volumes for merchants? correct answer: Transaction volume is determined by each acquirer
Storing full track data after authorization is permitted under the following circumstances: correct answer: NEVER
In order to reduce PCI DSS scope, adequate network segmentation should: correct answer: isolate systems that store, process, or transmit cardholder data from those that do not
Systems that commonly store track data: correct answer: POS systems
Which of the following is true regarding an entity sharing cardholder data with a service provider? correct answer: The entity must have an established process for engaging service providers, including proper due diligence prior to engagement.
When must critical new security patches be installed? correct answer: Within one month of release
Which of the following statements is true? correct answer: PA-DSS compliant payment applications are in scope for a merchant's PCI DSS assessment
In accordance with PCI DSS Requirement 1, firewalls are required: correct answer: between the cardholder environment and other internal networks
Which party is responsible for merchant compliance validation and merchant communications? correct answer: Acquirer
The Mod 10 formula doubles the value of alternate digits of the primary account number beginning with which digit? correct answer: Second from the left
Strong access control lists include the following: correct answer: Do not allow "risky" protocols such as FTP or Telnet.
Which of the following is true? correct answer: A PA-DSS application installed by a QIR must still be reviewed during the PCI DSS assessment.
PCI SSC Community Meetings: correct answer: provide opportunity for PCI stakeholders to provide suggestions for changes and improvements.
Which of the following is true regarding Track data: correct answer: Track 1 contains all Track 2 data and additional fields for use by the card issuer
Which of the following statements is true? correct answer: All systems on a "flat network" are in scope for the PCI DSS assessment.
Assessors must always use DSS requirements have been met. correct answer: independent judgment
If a merchant is using a validated P2PE solution: correct answer: the merchant is responsible for ensuring their own PCI DSS compliance
If an assessor wishes to use sampling during a PCI DSS assessment of a merchant environment, the assessor must ensure: correct answer: the sample selection is representative of all types of system components in the environment.
Which of the following merchant environments could be eligible for SAQ B? correct answer: Merchant with standalone dial-out terminals, and no electronic cardholder data storage
A service provider with no electronic cardholder data storage may be eligible to complete: correct answer: SAQ D
It is permissible to store track data only if: correct answer: An issuer has a business reason
Typically, these accounts have elevated or increased privileges with more rights than a standard user account: correct answer: Privileged User
A common error in scoping a PCI DSS assessment includes: correct answer: Assuming encrypted data is out-of-scope