PCI Fundamentals Module Knowledge Checks

Methods for stealing payment card data include: - Malware, physical skimming, and weak passwords The PCI DSS applies to: - Any entity that stores, processes, and transmits card account data The P2PE Standard Covers: - Encryption, decryption, and key management requirements for point-to-point encryption solutions The standard for validating off-the-shelf payment applications used in authorization and settlement is: - PA-DSS T/F: Merchants using PA-DSS validated payment applications are automatically PCI DSS compliant - False Which of the below functions is associated with acquirers? - provide clearing services to a merchant, provide authorization services to a merchant, provide settlement services to a merchant Which of the following entities will ultimately approve a purchase? - Issuer In which step does the payment brand network provide complete reconciliation to the merchant's bank? - Clearing A company that _________________ is considered to be a service provider. - controls or could impact the security of another entity's cardholder data Which of the following are examples of service providers? - Data center hosting providers, payment gateways, and independent sales organizations (ISOs) or external sales agents (ESAs) are examples of service providers Which of the following are parts of the Payment Brand role? - The role played by Payment Brands include developing and enforcing compliance programs, accepting validation documentation from approved QSA, PA-QSA, and ASV companies and their employees, and endorsing QSA, PA-QSA, and ASV company qualification criteria T/F: Merchant obligations may include submitting their compliance status to multiple entities. - True The decision about a merchant's level is made by the: - Merchant's acquirer Level 1 and 2 merchants must include ___________ as part of their PCI DSS compliance validation reporting process? - ASV Scan Results Which SAQ best applies to the entity: MO/TO merchant with all payment functions outsourced to a compliant service provider - SAQ A Which SAQ best applies to the entity: Merchants with only card-present dial-out terminals - SAQ B Which SAQ best applies to the entity: Merchant with standalone payment application connected to the internet - SAQ C Which SAQ best applies to the entity: Service provider using only web-based virtual terminals - SAQ D Which SAQ best applies to the entity: An online merchant with a payment page that accepts cardholder data, but transmits the data to a PCI DSS-compliant service provider - SAQ A-EP Which SAQ best applies to the entity: Merchant who is using a validated P2PE solution listed on the PCI SSC website - SAQ P2PE Which SAQ best applies to the entity: An online merchant that displays a PCI DSS-compliant service provider's payment page in an IFRAME, all page content is from the PSP - SAQ A Which SAQ best applies to the entity: Merchant using an end-to-end encryption solution (E2EE) that utilizes PCI PTS-approved POI devices which communicate with the acquirer over an IP network - SAQ B-IP Which of the following could PA-DSS apply to? - PA-DSS only applies to applications that store, process or transmit cardholder data for authorization or settlement, and are sold, licensed or distributed "off-the-shelf" to third parties.