PCI Fundamentals Practice Exam
60 Questions with Answers at End of Exam | Foundational Level
Section 1: Multiple Choice (Questions 1-40)
Select the single best answer for each question.
1. What does PCI DSS stand for?
a) Payment Card Industry Data Security Standard
b) Personal Credit Information Data Security Standard
c) Payment Card International Data Security System
d) Private Cardholder Information Data Security Standard
2. Which of the following is considered the Primary Account Number (PAN)?
a) The cardholder's name
b) The 16-digit number on the front of a payment card
c) The CVV code on the back of the card
d) The card expiration date
3. Which of the following is classified as Sensitive Authentication Data (SAD)?
a) Cardholder name
b) Expiration date
c) Full magnetic stripe data
d) Service code
4. What is the primary purpose of the PCI DSS?
a) To increase credit card sales
b) To protect cardholder data and reduce payment card fraud
c) To standardize payment processing hardware
d) To eliminate cash transactions
5. Which entity is responsible for maintaining and evolving the PCI DSS?
a) Federal Reserve
b) PCI Security Standards Council (PCI SSC)
c) Visa International
d) Federal Trade Commission
6. What is the Cardholder Data Environment (CDE)?
a) The physical building where payment cards are stored
b) The people, processes, and technology that store, process, or transmit cardholder data
c) The software used to process payments
d) The network connecting all payment terminals
7. What is the maximum number of PCI DSS requirements?
a) 6
b) 12
c) 20
d) 50
8. Which of the following must NEVER be stored after authorization?
a) Primary Account Number (PAN)
b) Cardholder name
c) CVV2/CVC2 code
d) Expiration date
9. What is network segmentation?
a) Connecting all systems to a single network
b) Isolating the CDE from other systems to reduce scope
c) Encrypting all network traffic
d) Monitoring network activity
10. What is a Qualified Security Assessor (QSA)?
a) A company employee responsible for security
b) An individual certified by the PCI SSC to assess PCI compliance
c) A software vendor
d) A payment card brand representative
11. What is an Internal Security Assessor (ISA)?
a) An employee certified to perform internal PCI assessments