PCI ISA Exam with complete solutions

PCI ISA Exam with complete solutions SAQ-A - Answer️️ - e-commerce or telephone order merchants; processing fully outsourced to validated 3rd party. No processing, transmitting, storing done by merchant SAQ-B - Answer️️ - merchants with imprint machines and/or merchant with only standalone dial-out terminals SAQ-B-IP - Answer️️ - Same as SAQ-B but the terminals not dial-out, the terminals have an IP connection SAQ-C - Answer️️ - Merchants with payment apps connected to the Internet but have no CHD storage. Not available if doing ecommerce SAQ-C-VT - Answer️️ - Merchants who only use virtual terminals from a validated 3rd party. Do transactions one at a time. Not available if doing ecommerce SAQ-A-EP - Answer️️ - Same as SAQ-A but web site could affect the security of outsourced 3rd party solution. SAQ-D - Answer️️ - Used by merchants not eligible for any other SAQ. Service providers must always use SAQ-D Where are firewalls required - Answer️️ - Between Internet and CHD, between DMZ and internal network, between wireless networks and CHD How often must firewall rules be reviewed - Answer️️ - 6 months and after significant environment change Non-Console admin access must be ______ - Answer️️ - encrypted CHD data can only be stored for how long? - Answer️️ - based on merchant documented policy based on biz, regulatory, legal requirements CHD that has exceeded its defined retention period must be deleted based on a ________ process - Answer️️ - quarterly When is it OK to store sensitive authentication date (SAD)? - Answer️️ - temporarily prior to authorization. Issuers can store SAD based on business need Sensitive Authentication Data - Answer️️ - Full Track, Track 1, Track 2, CVV, PIN. Any equivalent from chip When masking a card number what can be shown - Answer️️ - first 6 and last 4 Acceptable methods for making PAN unreadable - Answer️️ - Hash, Truncation, Tokenized, strong key cryptography Secret/Private keys must be protected by what method(s) - Answer️️ - 1) key-encrypting key, stored separately. 2) Hardware Security Module (HSM) 3) two full length key components (aka split knowled