PCI Fundamentals TEST QUESTIONS WITH ANSWERS |UPDATED

PCI Fundamentals TEST QUESTIONS WITH ANSWERS |UPDATED The payment card brands are responsible for: - ANSWER penalty or fee assignment for non-compliance Authorization of a transaction usually takes place: - ANSWER within one day If a suspected card account number passes the Mod 10 test it means: - ANSWER it is definitely a valid PAN Which of the following is true regarding network segmentation? - ANSWER Network segmentation is not a PCI DSS requirement Which of the following is true related to the tracks of data on the magnetic stripe of a payment card? - ANSWER Track 1 contains all the fields of both track 1 and track 2 How Often should the firewall and router rule sets be reviewed? - ANSWER Every six months Which Of the following statements is true concerning transaction volumes for merchants? - ANSWER Transaction volume is determined by each acquirer Storing full track data after authorization is permitted under the following circumstances: - ANSWER NEVER In order to reduce PCI DSS scope, adequate network segmentation should: - ANSWER isolate systems that store, process, or transmit cardholder data from those that do not Systems that commonly store track data: - ANSWER POSsystems Which Of the following is true, regarding an entity sharing cardholder data with a service provider? - ANSWER The entity must have an established process for engaging service providers, including proper due diligence prior to engagement. When must critical new security patches be installed? - ANSWER Within one month of release Which Of the following statements is true? - ANSWER PA-DSS compliant payment applications are in scope for a merchant's PCI DSS assessment In accordance with PCI DSS Requirement 1, firewalls are required: - ANSWER between the cardholder environment and Other internal networks Which party is responsible for merchant compliance validation and merchant communications? - ANSWER Acquirer The Mod 10 formula doubles the value of alternate digits of the primary account number beginning with which digit? - ANSWER Second from the left Strong access control lists include the following: - ANSWER Do not allow "risky" protocols such as FTP or Telnet. Which of the following is true? - ANSWER A PA-DSS application installed by a QIR must still be reviewed during the PCI DSS assessment. PCI SSC Community Meetings: - ANSWER provide opportunity for PCI stakeholders to provide suggestions for changes and improvements. Which of the followin