PCI STUDY MASTER SET EXAM
2025/2026 QUESTIONS AND ANSWERS
100% PASS
PCI DSS - ANS Payment Card Industry Data Security Standard
For consistent data security measures globally
12 requirements in six groups
PCI DSS is a minimum baseline of controls, not a complete security program
It is enforced by contract (acquirer and payment brand agreements), not by law
PCI DSS applies to any entity that stores, processes or transmits cardholder data (PAN); if no PAN is present, PCI DSS does not apply
PCI Goal 1 - ANS Build and Maintain a secure network
PCI Goal 2 - ANS Protect Card Holder Data
PCI Goal 3 - ANS Maintain a vulnerability program
PCI Goal 4 - ANS Implement strong Access control measures
PCI Goal 5 - ANS Regularly Monitor and Test networks
@COPYRIGHT 2025/2026 ALL RIGHTS RESERVED.
PCI Goal 6 - ANS Maintain an Information Security Policy
Cardholder data - ANS Primary Account Number (PAN)
Cardholder name
Expiration date
Service Code
Sensitive Authentication Data - ANS Full track data (magnetic stripe data or equivalent on a chip)
CAV2/CVC2/CVV2/CID (card verification code)
PINs / PIN blocks
SAD must never be stored after authorization, even if encrypted
PA-DSS - ANS Payment Application Data Security Standard
PA-DSS applied to payment software sold "off the shelf" by third parties
PA-DSS did not apply to applications developed by merchants and service providers for in-house use (those are assessed under PCI DSS)
Note: PA-DSS was retired by the PCI SSC in October 2022 and replaced by the PCI Software Security Framework (SSF); exam questions may still use the PA-DSS term
Scope - ANS Defining scope is the first step of any assessment
cardholder data flows (where CHD is stored, processed and transmitted) define the cardholder data environment (CDE) and set scope
business practices and processes need careful consideration and may need re-engineering to shrink the CDE
Network Segmentation is - ANS Not a PCI DSS requirement, but strongly recommended to reduce scope and risk; segmentation must be verified as effective (penetration tested)
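Walking the cardholder data flows above means finding where PANs actually live (logs, exports, ticket systems) so nothing is missed from scope. The following is an added example, not part of the original study guide: a small PAN discovery helper that finds digit runs, confirms them with the Luhn (mod 10) check so random reference numbers are not counted, and masks confirmed PANs to the first six / last four digits that PCI DSS permits for display. The regex, the 13-19 digit length window, the function names and the sample log lines are all assumptions made for the example; the card numbers in the sample are well-known test PANs, not real accounts.

```python
"""
Added example (not from the study guide): PAN discovery and masking,
the kind of check run while mapping cardholder data flows for scoping.

Assumptions (constructed for this example, not from the page):
  - a candidate PAN is a run of 13-19 digits, optionally split by spaces/hyphens
  - a candidate only counts as a PAN if it passes the Luhn check
  - masked output keeps first six and last four digits, the maximum PCI DSS
    allows on a display, and replaces the rest with 'X'
"""
import re

# 13-19 digits, allowing a space or hyphen between digits; not preceded or
# followed by another digit so we do not start mid-number.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string satisfies the Luhn (mod 10) check."""
    total = 0
    # Walk from the rightmost digit and double every second digit.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Mask a PAN to first six / last four, the most PCI DSS permits on display."""
    return pan[:6] + "X" * (len(pan) - 10) + pan[-4:]


def _digits_of(match_text: str) -> str:
    """Strip the separators a candidate may contain."""
    return re.sub(r"[ -]", "", match_text)


def find_pans(text: str) -> list:
    """Return the Luhn-valid PANs (digits only) found in free text."""
    found = []
    for m in _CANDIDATE.finditer(text):
        digits = _digits_of(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def redact(text: str) -> str:
    """Replace every Luhn-valid PAN in text with its masked form."""
    def _sub(m):
        digits = _digits_of(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return mask_pan(digits)
        return m.group(0)  # not a PAN (fails Luhn); leave untouched
    return _CANDIDATE.sub(_sub, text)


# Constructed sample log lines. 4111... and 5500... are public test PANs;
# the 1234... value is a 16-digit reference that fails Luhn and must NOT be flagged.
SAMPLE_LOG = """\
2025-01-10 12:00:01 checkout order=1001 card=4111 1111 1111 1111 amount=19.99
2025-01-10 12:00:02 checkout order=1002 card=5500000000000004 amount=5.00
2025-01-10 12:00:03 checkout order=1003 ref=1234567890123456 amount=1.00
"""

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        hits = find_pans(line)
        print(f"{len(hits)} PAN(s) found: {redact(line)}")
```

Any file or log stream where this reports a hit is handling cardholder data and therefore belongs in the CDE (or needs its PAN source removed); the Luhn filter keeps order numbers and reference IDs from inflating the scope.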
When can Wireless be used? - ANS Preferably only for non-sensitive data; any wireless network connected to the CDE is in scope and must be secured (strong encryption, vendor defaults changed)
Carefully consider the risk
MUST be tested: scan for rogue or unauthorised wireless access points at least quarterly
Service Providers - ANS Need their own PCI DSS compliance, or will have their services
reviewed as part of their customers' assessments.
The Report on Compliance (ROC) documents the role of each service provider.
Sampling - ANS Sampling of Business Facilities / System components is allowed, however all
applicable PCI DSS requirements must be considered.
Compensating Controls - ANS A Compensating Controls Worksheet must be completed for
each compensating control and documented in the ROC.
Compliance Completion Steps - ANS 1. Complete the ROC
2. Provide evidence of passing quarterly external vulnerability scans from an ASV
3. Complete the Attestation of Compliance (AOC)
4. Submit all to the acquirer or payment brand
PCI SSC - ANS Payment card Industry Security Standards Council
ASV - ANS Approved Scanning Vendor
QSA - ANS Qualified Security Assessor
PCI PA-DSS - ANS Payment card Industry Payment Application Data Security Standard
PCI PED - ANS Payment Card Industry PIN Entry Device (now covered by the PCI PTS, PIN Transaction Security, program)
Merchant levels - ANS Defined by each payment brand; thresholds differ between brands.
Levels 1 to 4
Level 1 is the largest merchants (e.g. over 6 million transactions per year for Visa/Mastercard) or any
merchant that has been compromised, at the brand's discretion.