PCIP Practice Questions

PCIP Practice Questions Which of the below functions is associated with Acquirers? A. Provide settlement services to a merchant B. Provide authorization services to a merchant C. Provide clearing services to a merchant D. All of the options Ans- Correct Answer: D Which of the following entities will actually approve a purchase? A. Non-Issuing Merchant Bank B. Issuing Bank C. Payment Transaction Gateway D. Acquiring Bank Ans- Correct Answer: B Which of the following lists the correct "order" for the flow of a payment card transaction? A. Clearing, Settlement, Authorization B. Clearing, Authorization, Settlement C. Authorization, Clearing, Settlement D. Authorization, Settlement, Clearing Ans- Correct Answer: C Service Providers include companies which_____________or could______________the security of cardholder data. A. are PCI compliant, prove effective controls for B. control, impact C. manage, test D. control, subrogate Ans- Correct Answer: B QUESTION 16 Cardholder Data may be stored in "KNOWN" and "UNKNOWN" locations. A. True B. False Ans- Correct Answer: A Storing Track Data "Long-Term" or "persistently" may be permitted if_______________. A. it is being stored by issuers B. it is reported to the PCI SSC annually in a RoC C. it is encrypted by the merchant storing it D. it is hashed by the merchant storing it Ans- Correct Answer: A PCI DSS Requirement 3.4 states the PAN must be rendered unreadable when stored, using___________. A. Encryption, Truncation, or Obfuscating B. Hashing, Scrambling, or Encrypting C. Encryption, Hashing, or Truncation D. Truncation, Scrambling, or Encrypting Ans- Correct Answer: C Requirement 2.2.2 states "Enable only necessary and secure services, protocols, daemons, etc., as required for the function of the system". Which of the following is considered secure? A. SSH B. RLogon C. Telnet D. FTP Ans- Correct Answer: A When scoping an environment for a PCI DSS assessment, it is important to identify _______________. A. All flows of cardholder data B. All of the options C. Components that store cardholder data D. Business facilities involved in processing transactions Ans- Correct Answer: B QUESTION 21 Merchants involved with only e-commerce transactions that are completely outsourced to a PCI DSS compliant service provider would use which SAQ? A. SAQ C/VT B. SAQ B C. SAQ D D. SAQ A Ans- Correct Answer: D Imprint-Only Merchants with no electronic storage of cardholder data would use which SAQ? A. SAQ C/VT B. SAQ B C. SAQ A D. SAQ D Ans- Correct Answer: B When a Service Provider has been defined by a payment brand as eligible to complete a SAQ, which SAQ is used? A. SAQ D B. SAQ B C. SAQ A D. SAQ C Ans- Correct Answer: A Information Supplements provided by the PCI SSC may "supersede" requirements. A. True B. False Ans- Correct Answer: B If virtualization technologies are used in a cardholder data environment, PCI DSS requirements apply to those virtualization technologies. A. False B. True Ans- Correct Answer: B The presumption of P2PE is that cardholder data in transit is protected when it is encrypted to the extent that an entity in possession of the ciphertext alone can easily reverse the encryption process A. False B. True Ans- Correct Answer: A Encrypting account data at the point of capture is one way an entity involved in payment card processing via mobile devices can actively help in controlling risks to the security of cardholder data. A. True B. False Ans- Correct Answer: A In order to be considered a compensating control, which of the following must exist? A. A legitimate technical constraint and a documented business constraint. B. A legitimate technical constraint. C. A legitimate technical constraint of a documented business constraint. D. A documented business constraint. Ans- Correct Answer: C PCI DSS Requirement 1 A. Install and maintain a firewall configuration to protect cardholder data B. Do not use vendor supplied defaults for system passwords and other security parameters C. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods D. Protected Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.) Ans- Correct Answer: A PCI DSS Requirement 2 A. Install and maintain a firewall configuration to protect cardholder data B. Do not use vendor supplied defaults for system passwords and other security parameters C. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods D. Protected Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.) Ans- Correct Answer: B PCI DSS Requirement 3 A. Install and maintain a firewall configuration to protect cardholder data B. Do not use vendor supplied defaults for system passwords and other security parameters C. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods D. Protected Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.) Ans- Correct Answer: C PCI DSS Requirement 4 A. Install and maintain a firewall configuration to protect cardholder data B. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods C. Protected Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.) D. Use and regularly update anti-virus software or programs Ans- Correct Answer: C PCI DSS Requirement 5 A. Use and regularly update anti-virus software or programs B. Protected Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.) C. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods D. Do not use vendor supplied defaults for system passwords and other security parameters AnsCorrect Answer: A PCI DSS Requirement 6 A. Use and regularly update anti-virus software or programs B. Develop and maintain secure systems and applications C. Assign a unique ID to each person with computer access D. Restrict access to cardholder data by business need to know Ans- Correct Answer: B PCI DSS Requirement 8 A. Identify and authenticate access to system components B. Restrict physical access to cardholder data C. Develop and maintain secure systems and applications D. Use and regularly update anti-virus software or programs Ans-