For what purpose should system security parameters be configured?
To prevent misuse of the system
If a user account is locked out due to failed login attempts, the user should be
locked out until an admin unlocks the account or for a period of:
30 mins
Is network segmentation a PCI DSS requirement?
NO
Merchants with a payment application connected to the internet with no
electronic cardholder data
SAQ C
Encrypted account data is in scope for an entity that possesses the
________________?
decryption keys
Authorization of a transaction usually takes place at which point in time?
Within one day of purchase
The __________________ facilitates the payment transaction between the
merchant's acquirer and the issuer.
Payment Brand Network
The _________________, also known as the merchant's bank, sends payment
transaction data through the payment network to the issuer.
Acquirer
The ________________ is the organization accepting payment from the
cardholder during a purchase.
Merchant
The merchant sends payment transaction data to their __________________.
Acquirer
Req 9 requires entities to maintain a list of card-reading devices used at the
POS. The list should identify the make, model, ____________________ and
________________.
location and unique identifier for each device
The sample selection should be representative of all types of system
components in the environment. True/False
True
PAN transmissions can be protected by encrypting the data before it is
transmitted, or by encrypting the session over which the data is transmitted, or
both. While it is not required that strong cryptography be applied at both the
data level and the session level, it is recommended. TRUE/FALSE
TRUE
A merchant wants to confirm their level. Who should they contact?
Their Acquirer
The acquirer receives authorization requests from the __________ on behalf of
the merchant.
issuer
_____________, where the Issuer and Acquirer exchange purchase and
reconciliation information. And finally, during ______________, the Issuer pays
the Acquirer, the Merchant receives the payment, and the Cardholder gets
charged.
Clearing, Settlement
When completing a ROC, if an assessor selects "yes" to indicate that Compensating
Controls are being used, where else are compensating controls documented?
worksheet in Appendix C
Network segmentation can help to _______________ the scope of a PCI DSS
assessment?