and Correct Answers | New
Update
SAQ-A - ANSWER ✔✔e-commerce or telephone order merchants;
processing fully outsourced to validated 3rd party. No processing,
transmitting, storing done by merchant
SAQ-B - ANSWER ✔✔merchants with imprint machines and/or
merchant with only standalone dial-out terminals
SAQ-B-IP - ANSWER ✔✔Same as SAQ-B but the terminals not dial-
out, the terminals have an IP connection
SAQ-C - ANSWER ✔✔Merchants with payment apps connected to
the Internet but have no CHD storage. Not available if doing ecommerce
, SAQ-C-VT - ANSWER ✔✔Merchants who only use virtual terminals
from a validated 3rd party. Do transactions one at a time. Not available if
doing ecommerce
SAQ-A-EP - ANSWER ✔✔Same as SAQ-A but web site could affect
the security of outsourced 3rd party solution.
SAQ-D - ANSWER ✔✔Used by merchants not eligible for any other
SAQ. Service providers must always use SAQ-D
Where are firewalls required - ANSWER ✔✔Between Internet and
CHD, between DMZ and internal network, between wireless networks
and CHD
How often must firewall rules be reviewed - ANSWER ✔✔6 months
and after significant environment change
Non-Console admin access must be ______ - ANSWER
✔✔encrypted
CHD data can only be stored for how long? - ANSWER ✔✔based on
merchant documented policy based on biz, regulatory, legal
requirements
CHD that has exceeded its defined retention period must be deleted
based on a ________ process - ANSWER ✔✔quarterly