Correct Answers
A compensating control must __________________________ - Answer-meet the intent and rigor of the original requirement (and provide a similar level of defense)
A merchant with web-based virtual terminals and no electronic cardholder data storage must complete a _______ - Answer-SAQ C-VT
A merchant with payment application systems connected to the Internet and no electronic cardholder data storage must complete a ____________ - Answer-SAQ C
Create an ___________ that is __________ to be implemented in the event of a breach - Answer-incident response plan - tested annually
Tool that helps merchants and service providers self-evaluate their compliance with PCI DSS - Answer-SAQ (Self-Assessment Questionnaire)
Card-not-present merchants with all cardholder data functions fully outsourced must complete the ________ - Answer-SAQ A
Minimum password length required by PCI DSS - Answer-7 characters (PCI DSS v3.2.1, Requirement 8.2.3; note that PCI DSS v4.0 raises the minimum to 12 characters, or 8 where the system cannot support 12)
Retain audit trail history for at least _____________ year(s), with a minimum of _______ months immediately available for analysis - Answer-1 year, 3 months
External penetration testing must be performed ___________ - Answer-at least annually and after any significant infrastructure or application upgrade or modification
Can existing PCI DSS requirements be considered as compensating controls if they are already required for the item under review? - Answer-NO (a compensating control must go above and beyond the other PCI DSS requirements)
What are valid reasons to consider using compensating controls? - Answer-legitimate technical constraints or documented business constraints that prevent meeting the requirement as stated
Do PCI DSS requirements apply if virtualization is used in the CDE? - Answer-YES (virtual components such as hypervisors, virtual machines and virtual networks are in scope)
P2PE encrypts cardholder data at the source (the point of interaction) and decrypts it only at the destination (the solution provider's decryption environment) - Answer-True