QUESTIONS WITH SOLUTIONS GRADED A+
• 8.2.5 Passwords/passphrases cannot be any of the previous
_______________.
Answer: 4 versions used
• PCI PTS - POI.
Answer: Covers the protection of sensitive data at the point of interaction
devices and their secure components, including cardholder PINs and
account data, and the cryptographic keys used in connection with the
protection of that cardholder data.
• PAN (primary account number).
Answer: unique payment card number that identifies the issuer and the
particular cardholder account
• SDLC.
Answer: phases of the development of software or computer system that
includes planning, analysis, design, testing, and implementation
• 9.4.4 Visitor Logs must:
Answer: Must be kept for 3 months and contain the following: - Visitor's
name - Firm represented - Person authorizing visitor's visit
• Network Security Scan.
Answer: Process by which the entity's systems are remotely checked for
vulnerabilities through use of manual or automated tools
• 6.4.5 Change control procedures must include the following.
Answer: - Documentation of impact - Documented change approval by
authorized parties - Functionality testing to verify change does not adversely
impact security of the system - Back-out procedures
• Bluetooth.
Answer: _____ is a wireless protocol designed for transmitting data over
short distances, replacing cables.
• Issuer.
Answer: Entity that issues payment cards or performs, facilitates, or
supports issuing services including but not limited to issuing banks and
issuing processors.
• 8.3 MFA is required for all:
Answer: - Non-console administrative access to the CDE - All remote access
by personnel and third-party/vendor remote access
• Ingress Filtering.
Answer: Method of filtering inbound network traffic such that only
explicitly allowed traffic is permitted to enter the network
• PCI DSS applies to:.
Answer: Any entity that stores, processes, or transmits payment card data.
Also applies to systems that provide security services or could impact the
security of account data
• Lightweight Directory Access Protocol (LDAP).
Answer: Authentication and authorization data repository utilized for
querying and modifying user permissions and granting access to protected
resources.
• What percent of stolen credentials leveraged vendor remote access?
Answer: 95%
• What makes up SAD?
Answer: - Track Data - (CAV2/CVC2/CVV2/CID) - PINs & PIN Blocks
• Merchant.
Answer: defined as any entity that accepts payment cards bearing the logos
of any of the five members of PCISSC as payment for goods or services.
• What is MOD10 (Luhn Algorithm) used for?
Answer: To see if a potential card number is valid
• 6.6 For public-facing web applications, address new threats and
vulnerabilities on an ongoing basis and ensure these applications are
protected against known attacks by either of the following methods.
Answer: - At least annually, and after any changes, review via manual or
automated application vulnerability assessment tools/methods - Automated
technical solution that detects and prevents web-based attacks continuously
• A requirement cannot be considered in place if it contains "open items" or
items that will be finished at a future date. True/False?
Answer: True
• 8.1.6 Accounts should be locked out after _______________________.
Answer: 6 failed login attempts
• Things to consider when assessing:
Answer: People, processes, technology
• ANSI.
Answer: Acronym for "American National Standards Institute" Private,
non-profit organization that administers and coordinates the US voluntary
standardization and conformity assessment system
• 6.2 Critical Security patches should be installed
__________________________________.
Answer: Within 1 month of release
• 8.1.5 Accounts used by third-parties should be:
Answer: 1) Disabled when not in use 2) Enabled only when needed, and
disabled when not in use
• Pad.
Answer: an encryption algorithm with text combined with a random key or
"pad" that is as long as the plain-text and used only once
• Network Time Protocol (NTP).
Answer: Protocol for synchronizing the clocks of computer systems,
network devices and other system components
• Acquirer.