Can existing PCI DSS requirements be considered as compensating controls if
they are already required for the item under review?
NO
What are reasons to consider using compensating controls?
Legitimate technical constraints or documented business constraints
Do PCI DSS requirements apply if virtualization is used in the CDE?
YES
P2PE encrypts data at source and decrypts at destination
True
A compensating control must __________________________
meet the rigor and intent of the original requirement
A merchant with web-based virtual terminals and no electronic cardholder data storage must complete a _______
SAQ C-VT
Merchant with payment application systems connected to the internet and no electronic cardholder data storage must complete a ____________
SAQ C
Create an ___________ that is __________ to be implemented in the event of a breach
incident response plan - tested annually
Tool to assist merchants and service providers to self-evaluate compliance with PCI DSS
SAQ
Card-not-present merchants with all cardholder data functions outsourced must complete the ________
SAQ A
Minimum password length required by PCI DSS
7
Retain audit trail history for _____________ year(s) with a minimum of _______ months immediately available
1 year, 3 months
External penetration testing must be performed ___________
at least annually and after any significant upgrade or modification