Name: Score:
54 Multiple choice questions
Term 1 of 54
Which of the following may be used to render unreadable in order to meet requirement 3.4?
Encryption of the first six and last four numbers of the PAN
Hashing the entire PAN using strong cryptography
Masking the entire PAN using industry standards
Hiding the column containing PAN data in the database
Term 2 of 54
PCI-DSS Requirement 3.4 stats that PAN must be rendered unreadable when stored. Which of the
following must be used to meet the requirement?
Encryption in the first six and the last four numbers of the PAN
Hiding the column containing PAN data in the database
Hashing the entire PAN using strong cryptography
Masking the entire PAN using industry standards
Term 3 of 54
A company that _______ is considered to be a service provider.
Is a founding member if PCI SSC
Control or could impact the security of another's cardholder entity data
Is a payment card brand
Is not also a merchant
,Term 4 of 54
Storing track data is permitted when _____.
It is reported to the PCI SSC annually in a ROC
It is being stored by the issuer with the business justification
It is encrypted by the merchant storing it.
It is hashed by the merchants storing it.
Term 5 of 54
When assessing requirement 6.5, testing to verify secure coding techniques are in place to
address common coding vulnerabilities includes:
Examining system configurations to ensure that whitelisting technologies are enabled
Installing malware to exploit the vulnerability
Interview firewall administrator to identify open ports and protocols
Reviewing software development policies and procedures
Term 6 of 54
External ASV scans are required to be performed:
Monthly
Every six months
Quarterly
Annually
, Term 7 of 54
Storing track data "long term" or "persistently" is permitted when_______.
It is hashed by the merchants storing it.
It is reported to the PCI SSC annually in a ROC
It is encrypted by the merchant storing it.
It is being stored by the issuers
Term 8 of 54
When a PAN is displayed to an employee who does NOT need to see full PAN , the minimum
digits to be masked are:
- Only the last four
- All digits between the first six and last four
- The first six and last four
- First four and last four digits
All of the options
The first 6 and last 4
ASV scan results
Default deny all
Term 9 of 54
The P2PE standard covers:
Physical security requirements for manufacturing payment cards
Encryption, Decryption, and key managements from point-to-point encryption solutions
Secure payment applications for settlement
Mechanism used to protect the PIN blocks
54 Multiple choice questions
Term 1 of 54
Which of the following may be used to render unreadable in order to meet requirement 3.4?
Encryption of the first six and last four numbers of the PAN
Hashing the entire PAN using strong cryptography
Masking the entire PAN using industry standards
Hiding the column containing PAN data in the database
Term 2 of 54
PCI-DSS Requirement 3.4 stats that PAN must be rendered unreadable when stored. Which of the
following must be used to meet the requirement?
Encryption in the first six and the last four numbers of the PAN
Hiding the column containing PAN data in the database
Hashing the entire PAN using strong cryptography
Masking the entire PAN using industry standards
Term 3 of 54
A company that _______ is considered to be a service provider.
Is a founding member if PCI SSC
Control or could impact the security of another's cardholder entity data
Is a payment card brand
Is not also a merchant
,Term 4 of 54
Storing track data is permitted when _____.
It is reported to the PCI SSC annually in a ROC
It is being stored by the issuer with the business justification
It is encrypted by the merchant storing it.
It is hashed by the merchants storing it.
Term 5 of 54
When assessing requirement 6.5, testing to verify secure coding techniques are in place to
address common coding vulnerabilities includes:
Examining system configurations to ensure that whitelisting technologies are enabled
Installing malware to exploit the vulnerability
Interview firewall administrator to identify open ports and protocols
Reviewing software development policies and procedures
Term 6 of 54
External ASV scans are required to be performed:
Monthly
Every six months
Quarterly
Annually
, Term 7 of 54
Storing track data "long term" or "persistently" is permitted when_______.
It is hashed by the merchants storing it.
It is reported to the PCI SSC annually in a ROC
It is encrypted by the merchant storing it.
It is being stored by the issuers
Term 8 of 54
When a PAN is displayed to an employee who does NOT need to see full PAN , the minimum
digits to be masked are:
- Only the last four
- All digits between the first six and last four
- The first six and last four
- First four and last four digits
All of the options
The first 6 and last 4
ASV scan results
Default deny all
Term 9 of 54
The P2PE standard covers:
Physical security requirements for manufacturing payment cards
Encryption, Decryption, and key managements from point-to-point encryption solutions
Secure payment applications for settlement
Mechanism used to protect the PIN blocks
