INCIDENT RESPONSE PROCEDURES FOR DATA BREACHES EXAM 2025
UPDATE QUESTIONS AND CORRECT VERIFIED ANSWERS ALREADY
GRADED A+ (BRAND NEW VISION)
What should be done if using a wireless network during a security breach? - Answer: Change the Service Set Identifier (SSID) and password on the access point.
What level of alertness should be maintained during a security incident? - Answer: Be on HIGH alert and monitor all VISA systems.
Who should be alerted in the event of a compromised Visa account? - Answer: Internal information security group, Incident Response Team, Legal department, Merchant bank, VISA Fraud Control Group, local FBI Office, U.S. Secret Service, or RCMP if VISA payment data is compromised.
What must be done within 24 hours of identifying a compromised Visa account? - Answer: The compromised Visa account must be provided to the VISA Fraud Control Group.
How must account numbers be sent to VISA? - Answer: Account numbers must be securely sent as instructed by VISA.
What is the timeframe for merchant banks to provide proof of compliance to VISA after a reported compromise? - Answer: Merchant banks must provide proof of Cardholder Information Security Program compliance within 48 hours.
What documentation must merchant banks provide to VISA after a reported compromise? - Answer: An incident report document within four business days and an additional incident report no later than fourteen days after the initial report.
What steps must merchant banks take regarding the investigation of a compromise? - Answer: Merchant banks must engage a VISA approved security assessor for a forensic investigation and determine if the compromise has been contained.
What information must be obtained from the compromised entity? - Answer: Information about the compromise and whether an independent security firm has been engaged.
What is the first step for an entity after a suspected compromise? - Answer: Initiate an investigation within 24 hours.
What types of cardholder information must be assessed during the forensic investigation? - Answer: Number of accounts at risk, type of account information at risk, account number, expiration date, cardholder name, address, CVV2, Track 1 and Track 2 data.
What must be established during incident validation and assessment? - Answer: How the compromise occurred, the source of the compromise, the timeframe of the compromise, and whether it has been contained.
What should be checked regarding data storage during the forensic investigation? - Answer: Ensure that CVV2, Track 1, and Track 2 data are not stored anywhere, whether encrypted or unencrypted.
What is required for VisaNet endpoint security review? - Answer: Review and determine the risk associated with VisaNet endpoint security.
What must be preserved as part of the forensic investigation? - Answer: All potential electronic evidence on a platform suitable for court review.
What is the timeframe for notifying Discover Fraud Prevention after a compromise? - Answer: Notify within 24 hours of an account compromise event.
What specific steps must be taken for Discover Card after a compromise? - Answer: Prepare a detailed written statement of fact and a list of all known compromised account numbers.
What must be done within 24 hours for American Express after a compromise? - Answer: Notify American Express Merchant Services and prepare a detailed written statement of fact and a list of all known compromised account numbers.
What is the purpose of the incident report documents provided to VISA? - Answer: To document the details of the compromise and actions taken in response.
What is the role of the VISA Fraud Control Group in the event of a compromise? - Answer: To receive compromised account information and distribute it to issuers while ensuring confidentiality.
What actions must be taken to prevent future loss or theft of account information? - Answer: Ensure compliance with VISA USA Cardholder Information Security Program requirements.
What is the significance of the forensic investigation guidelines? - Answer: They outline the necessary steps to assess and address the compromise of account information.
What must be included in the forensic investigation report? - Answer: Details of the compromise, including the number of accounts at risk and the type of information compromised.
What is the importance of engaging an independent forensic review? - Answer: To provide an unbiased assessment of the compromise and ensure compliance with security standards.