AAA - ANSWER>>Acronym for "authentication, authorization, and accounting." Protocol for
authenticating a user based on their verifiable identity, authorizing a user based on their user rights,
and accounting for a user's consumption of network resources
Access Control - ANSWER>>Mechanisms that limit availability of information or information-
processing resources only to authorized persons or applications
Account Data - ANSWER>>consists of cardholder data and/or sensitive authentication data
Acquirer - ANSWER>>Also referred to as "merchant bank," "acquiring bank," or "acquiring financial
institution". Entity, typically a financial institution, that processes payment card transactions for
merchants and is defined by a payment brand as an acquirer. Acquirers are subject to payment brand
rules and procedures regarding merchant compliance
Administrative Access - ANSWER>>Elevated or increased privileges granted to an account in order for
that account to manage systems, networks and/or applications.
Adware - ANSWER>>Type of malicious software that, when installed, forces a computer to
automatically display or download advertisements
AES - ANSWER>>Abbreviation for "Advanced Encryption Standard." Block cipher used in symmetric
cryptography adopted by NIST in November 2001
ANSI - ANSWER>>Acronym for "American National Standards Institute." Private, non-profit
organization that administers and coordinates the US voluntary standardization and conformity
assessment system
Anti-Virus - ANSWER>>Program or software capable of detecting, removing, and protecting against
various forms of malicious software including viruses, worms, Trojans
AOC - ANSWER>>Acronym for "attestation of compliance". The AOC is a form for merchants and
service providers to attest to the results of a PCI DSS assessment, as documented in the Self-
Assessment Questionnaire or Report on Compliance
AOV - ANSWER>>Acronym for "attestation of validation". The AOV is a form for PA-QSAs to attest to
the results of a PA-DSS assessment, as documented in the PA-DSS Report on Validation.
Application - ANSWER>>Includes all purchased and custom software programs or groups of programs,
including both internal and external applications.
ASV - ANSWER>>Acronym for "Approved Scanning Vendor". Company approved by the PCI SSC to
conduct external vulnerability scanning services.
Audit Log - ANSWER>>Also referred to as audit trail. Chronological record of system activities.
Provides an independently verifiable trail sufficient to permit reconstruction, review, and examination
of sequence of environments and activities surrounding or leading to operation, procedure, or event
in a transaction from inception to final results.
Authentication - ANSWER>>Process of verifying identity of an individual, device, or process.
Authentication Credentials - ANSWER>>Combination of the user ID or account ID plus the
authentication factors used to authenticate an individual, device, or process
Authorization - ANSWER>>In the context of access controls, authorization is the granting of access or
other rights to a user, program, or process.
In the context of a payment card transaction, authorization occurs when a merchant receives
transaction approval after the acquirer validates the transaction with the issuer/processor.
Backup - ANSWER>>A copy of data that is made in case the original data is lost or damaged. The
backup can be used to restore the original data.
BAU - ANSWER>>An acronym for "business as usual".
Bluetooth - ANSWER>>_____ is a wireless protocol designed for transmitting data over short distances,
replacing cables.
Buffer Overflow - ANSWER>>This attack occurs when an attacker leverages a vulnerability in an
application, causing data to be written to a memory area (that is, a buffer) that's being used by a
different application.
Card Skimmer - ANSWER>>A physical device, often attached to a legitimate card-reading device,
designed to illegitimately capture and/or store the information from a payment card.
Compensating Controls - ANSWER>>may be considered when an entity cannot meet a requirement
explicitly as stated, due to legitimate technical or documented business constraints, but has
sufficiently mitigated the risk associated with the requirement through implementation of other
controls.