157 Multiple choice questions
Definition 1 of 157
Build and maintain a secure network and system
Goal 3 (incident management)
Goal 2 (user awareness)
Goal 4 (data integrity)
Goal 1
Term 2 of 157
Requirement 3.2.2
Do not store the card verification code or value (the three- or four-digit number printed on the front or back of a payment card) after authorization.
For service providers: implement a process for the timely detection and reporting of failures of critical security control systems, including but not limited to failure of firewalls, IDS/IPS, FIM, anti-virus, physical access controls, logical access controls, audit logging mechanisms, and segmentation controls.
Additional PCI DSS Requirements for Shared Hosting Providers
Render PAN unreadable anywhere it is stored by using any of the following: one-way hashes based on strong cryptography, truncation, index tokens and pads, or strong cryptography with associated key-management processes and procedures.
Term 3 of 157
Goal 5
Limit network access to only one device
Disable all monitoring tools
Ignore network performance metrics
Regularly monitor and test networks
Term 4 of 157
Requirement 6.3
Develop internal and external software applications securely
Focus only on internal applications for security.
Use outdated software development practices.
Neglect security in favor of faster development.
Definition 5 of 157
requires two or more people to perform a function, and no single person can access or use the
authentication materials of another.
Constant speed control
Dual control
SAQ B-IP
Split knowledge
Term 6 of 157
Which organization is the final step in the authorization approval process?
Subject name
Revoke the PCIP qualification
Site data protection
Issuing entity
Definition 7 of 157
Merchants using only:
- Imprint machines with no electronic cardholder data storage; and/or
- Standalone, dial-out terminals with no electronic cardholder data storage.
Goal 5
Requirement 3.4
SAQ-B
SAQ P2PE
Term 8 of 157
Where should firewalls be placed?
within the cardholder data environment only
on the internal network without restrictions
between the cardholder data environment and the internet
between employee workstations and printers
Term 9 of 157
Which PCI standard helps secure physical devices used to read cardholder data, such as magnetic stripe and EMV chip readers?
PCI PTS HSM
SAQ A-EP
POS systems
Site data protection
Term 10 of 157
Media
Restrict access to cardholder data by business need to know
Access is assigned to all users based on the access needs of the least-privileged user
refers to all paper and electronic media containing cardholder data.
Protect all systems against malware and regularly update anti-virus software or programs.
Term 11 of 157
Sensitive Authentication Data includes what?
Transaction amounts and dates
Full track data (magnetic-stripe data or equivalent on a chip), CAV2/CVC2/CVV2/CID, and
PINs/PIN Block
Only the cardholder's name and email
Account creation dates and user preferences
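The requirements quizzed in Term 2 (3.2.2 and 3.4) and the definition of sensitive authentication data in Term 11 come down to one practical question: what may a system write to disk after authorization, and in what form? The following is an added Python example written for this page, not code from the PCI SSC or from the quiz. The log lines, the key and the test PAN (4111111111111111, a widely published test number that passes the Luhn check) are constructed, and the regular expressions are a simplified model of Track 1 and Track 2 layouts rather than a complete parser.

```python
import hashlib
import hmac
import re

# Constructed sample data (not from the page). The key is a placeholder; in a real
# deployment it would be generated and managed under PCI DSS requirements 3.5 and 3.6.
SAMPLE_KEY = b"placeholder-key-managed-under-req-3.5-and-3.6"
SAMPLE_LOG = [
    "POS-07 auth ok pan=4111111111111111 amount=42.10",                 # clear PAN: must be rendered unreadable
    "POS-07 raw=%B4111111111111111^DOE/JOHN^2512101000000000000000?",  # Track 1: sensitive authentication data
    "POS-07 raw=;4111111111111111=2512101000000000000?",               # Track 2: sensitive authentication data
    "WEB-02 order=99 cvv2=123 status=approved",                         # CVV2 stored after authorization
    "POS-07 auth ok pan=411111******1111 amount=42.10",                 # already truncated: storable
]

# A bare 13-19 digit run, and the SAD elements: Track 1 (%B...^name^...?), Track 2 (;...=...?)
# and card verification values. SAD may never be retained after authorization, in any form.
PAN_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")
TRACK1_RE = re.compile(r"%B(\d{13,19})\^[^^]{2,26}\^[^?]*\?")
TRACK2_RE = re.compile(r";(\d{13,19})=[^?]*\?")
CVV_RE = re.compile(r"\b(?:cvv2?|cvc2?|cav2|cid)\s*[=:]\s*\d{3,4}\b", re.IGNORECASE)


def luhn_ok(pan: str) -> bool:
    """Luhn check-digit validation; filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """Truncation: keep at most the first six and last four digits, mask the rest."""
    if len(pan) < 13:
        raise ValueError("not a PAN length")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def keyed_pan_hash(pan: str, key: bytes) -> str:
    """Keyed one-way hash (HMAC-SHA256) over the ENTIRE PAN.

    An unkeyed hash is not a safe substitute: the PAN space is small and, if a
    truncated 6+4 copy sits next to the hash, only six digits are unknown (one of
    them fixed by Luhn), so roughly 10^5 guesses recover the full number.
    """
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def scan_line(line: str) -> dict:
    """Classify one log line: SAD present (never storable), clear PAN present
    (must be rendered unreadable), or nothing to report."""
    findings = []
    if TRACK1_RE.search(line):
        findings.append("track1")
    if TRACK2_RE.search(line):
        findings.append("track2")
    if CVV_RE.search(line):
        findings.append("cvv")
    pans = [p for p in PAN_RE.findall(line) if luhn_ok(p)]
    if pans:
        findings.append("clear_pan")
    return {"line": line, "findings": findings, "pans": pans}


def scan_log(lines):
    return [scan_line(line) for line in lines]


def sanitize_line(line: str, key: bytes) -> str:
    """Produce the storable form of a line: SAD fields are removed outright, and each
    Luhn-valid clear PAN is replaced by its truncation plus a keyed hash, which still
    lets records for the same card be matched without exposing the PAN."""
    line = TRACK1_RE.sub("[SAD-REMOVED]", line)
    line = TRACK2_RE.sub("[SAD-REMOVED]", line)
    line = CVV_RE.sub("[SAD-REMOVED]", line)

    def replace_pan(match):
        pan = match.group(1)
        if not luhn_ok(pan):
            return pan
        return f"{truncate_pan(pan)} hmac={keyed_pan_hash(pan, key)}"

    return PAN_RE.sub(replace_pan, line)


if __name__ == "__main__":
    for result in scan_log(SAMPLE_LOG):
        if result["findings"]:
            print(result["findings"], "->", sanitize_line(result["line"], SAMPLE_KEY))
```

The asymmetry in `sanitize_line` is the point of requirements 3.2.2 and 3.4 together: track data, CVV and PIN blocks are deleted, not hashed or encrypted, because no form of them may be kept after authorization, while the PAN may be kept if it is truncated, tokenized, hashed under a managed key, or encrypted. PCI DSS also notes that where both a truncated and a hashed version of the same PAN exist, additional controls must prevent the two from being correlated to reconstruct it; a keyed hash is what makes that correlation infeasible for someone without the key.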
Term 12 of 157
Goal 3
Regularly monitor and test networks
Maintain a vulnerability management program
Corporate networks and the cardholder data environment
Protect cardholder data