PCI FUNDAMENTALS QUESTIONS AND ANSWERS
ASV - (ANSWER)Approved Scanning Vendor
PCI - (ANSWER)Payment Card Industry
PTS - (ANSWER)PIN Transaction Security (device)
QSA - (ANSWER)Qualified Security Assessor
ROC - (ANSWER)Report on Compliance
ROV - (ANSWER)Report on Validation
QIR - (ANSWER)Qualified Integrator Reseller
Which entity is responsible for developing and enforcing compliance programs? - (ANSWER)Payment Brands
Which entity is responsible for forensic investigations of account data compromise? - (ANSWER)Payment Brands
Which entity is responsible for accepting validation documentation from QSAs, PA-QSAs and ASVs? - (ANSWER)Payment Brands
Which entity is responsible for endorsing QSA, PA-QSA and ASV company qualification criteria? - (ANSWER)Payment Brands
Merchant obligations may include submitting their compliance status to multiple entities. True or false? - (ANSWER)True
The decision about a merchant's level is made by the - (ANSWER)Merchant's acquirer
Level 1 and 2 merchants must include ___________ as part of their PCI DSS compliance validation
reporting process? - (ANSWER)Level 1 and 2 merchants need quarterly external vulnerability scans to be
performed by an ASV. Level 2 merchants may use SAQs to validate compliance.
SAQ - (ANSWER)Self-Assessment Questionnaire
Type of SAQ? Card-Not-Present (e-commerce or MO/TO) merchants, all cardholder data functions
outsourced to PCI DSS compliant service providers.
Not applicable to face-to-face channels. - (ANSWER)A
Type of SAQ? E-commerce merchants who outsource all payment processing to PCI DSS validated third
parties, and who have a website(s) that doesn't directly receive cardholder data but that can impact the
security of the payment transaction. No electronic storage, processing, or transmission of any
cardholder data on the merchant's systems or premises.
Applicable only to e-commerce channels. - (ANSWER)A-EP
Type of SAQ? Imprint-only merchants with no electronic cardholder data storage, or standalone, dial-out
terminal merchants with no electronic cardholder data storage.
Not applicable to e-commerce channels. - (ANSWER)B
Type of SAQ? Merchants using only stand-alone, PTS-approved payment terminals with an IP connection
to the payment processor, with no electronic cardholder data storage.
Not applicable to e-commerce channels. - (ANSWER)B-IP