PCI Ch 15 Test
The majority of payment card fraud is borne by _____.
consumers
banks, merchants, and card processors
Visa and MasterCard
All of the above - Correct Answer ✔ ✔ banks, merchants, and
card processors
The terms CVV2, CID, CVC2, and CVV2 all refer to the _____.
authentication data
security code
expiration date
account number - Correct Answer ✔ ✔ security code
,There are 12 categories of PCI standards. In order to be considered
compliant, an entity must comply with or document compensating
controls for _____.
All of the requirements
90% of the requirements
80% of the requirements
70% of the requirements - Correct Answer ✔ ✔ All of the
requirements
Which of the following best describes log data?
Log data can be used to identify indicators of compromise.
Log data can be used to identify primary account numbers.
Log data can be used to identify sensitive authentication data.
Log data can be used to identify cardholder location. - Correct Answer
✔ ✔ Log data can be used to identify indicators of compromise.
, Which of the following documents lists injection flaws, broken
authentication, and cross-site scripting as the top three application
security flaws?
ISACA Top Ten
NIST Top Ten
OWASP Top Ten
ISO Top Ten - Correct Answer ✔ ✔ OWASP Top Ten
Which of the following is an example of two-factor authentication?
Username and password
Password and challenge question
Username and token
Token and PIN - Correct Answer ✔ ✔ Username and password
Which of the following is considered a secure transmission
technology?
The majority of payment card fraud is borne by _____.
consumers
banks, merchants, and card processors
Visa and MasterCard
All of the above - Correct Answer ✔ ✔ banks, merchants, and
card processors
The terms CVV2, CID, CVC2, and CVV2 all refer to the _____.
authentication data
security code
expiration date
account number - Correct Answer ✔ ✔ security code
,There are 12 categories of PCI standards. In order to be considered
compliant, an entity must comply with or document compensating
controls for _____.
All of the requirements
90% of the requirements
80% of the requirements
70% of the requirements - Correct Answer ✔ ✔ All of the
requirements
Which of the following best describes log data?
Log data can be used to identify indicators of compromise.
Log data can be used to identify primary account numbers.
Log data can be used to identify sensitive authentication data.
Log data can be used to identify cardholder location. - Correct Answer
✔ ✔ Log data can be used to identify indicators of compromise.
, Which of the following documents lists injection flaws, broken
authentication, and cross-site scripting as the top three application
security flaws?
ISACA Top Ten
NIST Top Ten
OWASP Top Ten
ISO Top Ten - Correct Answer ✔ ✔ OWASP Top Ten
Which of the following is an example of two-factor authentication?
Username and password
Password and challenge question
Username and token
Token and PIN - Correct Answer ✔ ✔ Username and password
Which of the following is considered a secure transmission
technology?
