Answers | Verified | Latest 2024 Version
The payment card brands are responsible for: - ✔✔penalty or fee assignment for non-compliance
Authorization of a transaction usually takes place: - ✔✔within one day
If a suspected card account number passes the Mod 10 test it means: - ✔✔it is definitely a valid PAN
Which of the following is true regarding network segmentation? - ✔✔Network segmentation is not a PCI
DSS requirement
Which of the following is true related to the tracks of data on the magnetic stripe of a payment card? -
✔✔Track 1 contains all the fields of both track 1 and track 2
How often should the firewall and router rule sets be reviewed? - ✔✔Every six months
Which of the following statements is true concerning transaction volumes for merchants? -
✔✔Transaction volume is determined by each acquirer
Storing full track data after authorization is permitted under the following circumstances: - ✔✔NEVER
In order to reduce PCI DSS scope, adequate network segmentation should: - ✔✔isolate systems that
store, process, or transmit cardholder data from those that do not
Systems that commonly store track data: - ✔✔POS systems
Which of the following is true regarding an entity sharing cardholder data with a service provider? -
✔✔The entity must have an established process for engaging service providers, including proper due
diligence prior to engagement.
When must critical new security patches be installed? - ✔✔Within one month of release
Which of the following statements is true? - ✔✔PA-DSS compliant payment applications are in scope for
a merchant's PCI DSS assessment
In accordance with PCI DSS Requirement 1, firewalls are required: - ✔✔between the cardholder
environment and other internal networks
Which party is responsible for merchant compliance validation and merchant communications? -
✔✔Acquirer
The Mod 10 formula doubles the value of alternate digits of the primary account number beginning with
which digit? - ✔✔Second from the left
Strong access control lists include the following: - ✔✔Do not allow "risky" protocols such as FTP or
Telnet.
Which of the following is true? - ✔✔A PA-DSS application installed by a QIR must still be reviewed during
the PCI DSS assessment.
PCI SSC Community Meetings: - ✔✔provide opportunity for PCI stakeholders to provide suggestions for
changes and improvements.
Which of the following is true regarding Track data: - ✔✔Track 1 contains all Track 2 data and additional
fields for use by the card issuer
Which of the following statements is true? - ✔✔All systems on a "flat network" are in scope for the PCI
DSS assessment.
Assessors must always use DSS requirements have been met. - ✔✔independent judgment