QUESTIONS WITH ANSWERS GRADED A+
⩥ Cardholder Data includes: Answer:
• Primary Account Number (PAN)
• Cardholder Name
• Expiration Date
• Service Code
⩥ Sensitive Authentication Data includes: Answer:
• Full track data (magnetic-stripe data or equivalent on a chip)
• Card verification code
• PINs/PIN blocks
⩥ Account data covers the following: Answer: the full PAN, any other
elements of cardholder data that are present with the PAN, and any
elements of sensitive authentication data.
⩥ Cannot be stored after authorization as defined in Requirement 3
Answer: Sensitive Authentication Data: full track / CVV / PIN
⩥ Scope of PCI DSS Requirements Answer: cardholder data
environment (CDE) / System components, people, and processes that
could impact the security of the CDE
⩥ Is segmentation a requirement? Answer: No, but it can greatly reduce
the scope, cost, difficulty, and risk involved in processing and
compliance.
⩥ "Flat Network" Answer: entire network is in scope for the PCI DSS
assessment (no segmentation)
⩥ Encrypted Cardholder Data and Impact on PCI DSS Scope Answer:
Encryption of cardholder data with strong cryptography is an acceptable
method of rendering the data unreadable according to PCI DSS
Requirement 3.5. However, encryption alone is generally insufficient to
render the cardholder data out of scope for PCI DSS and does not
remove the need for PCI DSS in that environment.
⩥ Compensating controls are part of which approach? Answer: Defined
Approach
⩥ Network security controls (NSCs) Answer: firewalls and other
network security technologies that control network traffic between two or more
logical or physical network segments
⩥ data-flow diagram(s) Answer: should include all connection points
where account data is received into and sent out of the network,
including connections to open, public networks, application processing
flows, storage, transmissions between systems and networks, and file
backups.
⩥ Configurations of NSCs are reviewed at least once every Answer: six
months