QIR questions with complete solution (graded A+) TO PASS
Which of the following items are included in the Compensating Controls worksheet?
Answer: Constraints, objectives, identified risks and definition of compensating controls.

Which of the following items CANNOT be stored?
Answer: PIN

The process of isolating the cardholder data environment from the remainder of an entity's network is called?
Answer: Network segmentation

For those entities that outsource storage, processing or transmission of cardholder data to third party service providers, which of the following must be completed?
Answer: Report on Compliance (ROC)

Which of the following are NOT a part of the Report on Compliance?
Answer: None of the above

The first step of a PCI assessment is to:
Answer: Determine the scope of the review

Steps to reducing the scope of the cardholder data environment may include all items below EXCEPT:
Answer: Purge all data that is older than 1 week

Before wireless technology is implemented:
Answer: An entity should carefully evaluate the need for the technology against the risk

The P2PE Standard covers:
Answer: Encryption, decryption, and key management within secure cryptographic devices

The PCI DSS applies to any entity that ____, _____, or _____ cardholder data.
Answer: stores, processes, transmits

The PCI DSS standard follows a defined ________ lifecycle.
Answer: 36 month

Which of the below functions is associated with Acquirers?
Answer: All of the options

Which of the following entities will actually approve a purchase?
Answer: Issuing Bank

Which of the following lists the correct "order" for the flow of a payment card transaction?
Answer: Authorization, Clearing, Settlement

Service providers include companies which ______ or could _______ the security of cardholder data.
Answer: control, impact

Cardholder Data may be stored in "KNOWN" and "UNKNOWN" locations.
Answer: True

Storing Track Data "Long-term" or "persistently" may be permitted if _________.
Answer: it is being stored by issuers

PCI DSS Requirement 3.4 states the PAN must be rendered unreadable when stored, using _________.
Answer: Encryption, Hashing, or Truncation

Requirement 2.2.2 states "Enable only necessary and secure services, protocols, daemons, etc., as required for the function of the system". Which of the following is considered secure?
Answer: SSH

When scoping an environment for a PCI DSS assessment, it is important to identify __________.
Answer: All of the options.

Merchants involved with only e-commerce transactions which are completely outsourced to a PCI DSS compliant service provider would use which SAQ?
Answer: SAQ A

Imprint-Only Merchants with no electronic storage of cardholder data would use which SAQ?
Answer: SAQ B

When a service provider has been defined by a payment brand as eligible to complete a SAQ, which SAQ is used?
Answer: SAQ D

Information Supplements provided by the PCI SSC may "supersede" requirements.
Answer: False

If virtualization technologies are used in a cardholder data environment, PCI DSS requirements apply to those virtualization technologies.
Answer: True

Written for
- Institution: PCI DSS
- Course: PCI DSS

Document information
- Uploaded on: December 29, 2022
- Number of pages: 7
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions & answers