PCIP ACTUAL EXAM QUESTIONS AND CORRECT ANSWERS UPDAT
PCIP exam questions
ALREADY GRADED A+ WITH EXPERT FEEDBACK
Study online at https://quizlet.com/_h7dmgt
1. acquirer party is responsible for merchant com-
pliance validation and merchant com-
munications
2. Which statement is correct regarding the in- They must be performed after an up-
ternal vulnerability scans and/or rescans? grade to a server that impacts the card-
holder data environment
3. When confirming PCI DSS requirements have independent judgment
been met, assessors must always use which
of the following?
4. Typical locations where track data may be databases and log files from
found include which of the following? point-of-sales terminals
5. Which of the following statements about "flat All systems on flat network are in scope
networks" is true? for the PCI DSS assessments
6. If network segmentation is being used to re- All controls used for segmentation are
duce the scope of the PCI DSS assessment, configured properly
what must the assessor verify?
7. PCI DSS requirement 10.2 defines the types Audit trails, user identification, type
of events to be logged. of event, date and time, success and
failure indications, source IP address
(origination of event), data and systems
touched, time synchronization technol-
ogy in use.
8. The payment card brands are responsible for Penalties or fee assignment for
which of the following? non-compliance
9.
, PCIP exam questions
Study online at https://quizlet.com/_h7dmgt
Which of the following is related to the use of PCI DSS applies to environments using
EMV chip technology? EMV chip technology
10. In order for PCI DSS scope to be reduced, Isolate systems that store, process, or
what must adequate network segmentation transmit cardholder data from those
do? that do not
11. The Mod 10 formula doubles the value of Second from the right
every other digit of the primary account num-
ber beginning with which digit?
12. What is the Mod 10 or Luhn formula? The algorithm used to validate PAN (pri-
mary account numbers)
13. What is required regarding the entity sharing The entity must have an established
cardholder data with a service provider? process of engaging service provider,
including proper due diligence prior to
engagement
14. Who is responsible for setting compliance Payment brands
deadlines and fines?
15. In accordance with the requirement 12.3.8, After a specific period if inactivity
usage policies must be defined to auto-
matically disconnect remote-access sessions.
When should the remote-access sessions be
disconnected?
16. the following statements is correct regarding PA-DSS compliant payment applica-
a PA-DSS application? tions are in scope for the merchant's PCI
DSS assessment
17. What does it mean if a suspected card num- It is definitely a valid PAN
ber passes Mod 10?
, PCIP exam questions
Study online at https://quizlet.com/_h7dmgt
18. Which of the following is correct related to Track 1 contains all the field of both
the tracks of the data on the magnetic stripe Track 1 and Track 2
of a payment card?
19. Which of the following is a responsibility of Define validation requirements of ASVs
the PCI SSC? (Approved scanning vendors
20. When should penetration testing be per- At least annually, and after any signifi-
formed? cant changes to infrastructure or appli-
cations
21. How often are risk assessments required? At least annually
22. This statement about the transaction process The card holder receives the type of
is true payment, the card, and the bills from
the issuers
23. Which of the following statements accurately A service provider processes, stores, or
describes the service providers? transmits card holder's data on the be-
half of another entity
24. A service provider with no electric cardholder SAQ B
data storage may be eligible to complete the
SAQ?
25. SAQ A If your organization only accepts
card-not-present transactions (e-com-
merce or phone/mail order)
If the processing of cardholder data is
entirely outsourced to third-party ser-
vice providers approved by PCI DSS
Your organization does not electronical-
ly store, process, or transmit any card-
PCIP exam questions
ALREADY GRADED A+ WITH EXPERT FEEDBACK
Study online at https://quizlet.com/_h7dmgt
1. acquirer party is responsible for merchant com-
pliance validation and merchant com-
munications
2. Which statement is correct regarding the in- They must be performed after an up-
ternal vulnerability scans and/or rescans? grade to a server that impacts the card-
holder data environment
3. When confirming PCI DSS requirements have independent judgment
been met, assessors must always use which
of the following?
4. Typical locations where track data may be databases and log files from
found include which of the following? point-of-sales terminals
5. Which of the following statements about "flat All systems on flat network are in scope
networks" is true? for the PCI DSS assessments
6. If network segmentation is being used to re- All controls used for segmentation are
duce the scope of the PCI DSS assessment, configured properly
what must the assessor verify?
7. PCI DSS requirement 10.2 defines the types Audit trails, user identification, type
of events to be logged. of event, date and time, success and
failure indications, source IP address
(origination of event), data and systems
touched, time synchronization technol-
ogy in use.
8. The payment card brands are responsible for Penalties or fee assignment for
which of the following? non-compliance
9.
, PCIP exam questions
Study online at https://quizlet.com/_h7dmgt
Which of the following is related to the use of PCI DSS applies to environments using
EMV chip technology? EMV chip technology
10. In order for PCI DSS scope to be reduced, Isolate systems that store, process, or
what must adequate network segmentation transmit cardholder data from those
do? that do not
11. The Mod 10 formula doubles the value of Second from the right
every other digit of the primary account num-
ber beginning with which digit?
12. What is the Mod 10 or Luhn formula? The algorithm used to validate PAN (pri-
mary account numbers)
13. What is required regarding the entity sharing The entity must have an established
cardholder data with a service provider? process of engaging service provider,
including proper due diligence prior to
engagement
14. Who is responsible for setting compliance Payment brands
deadlines and fines?
15. In accordance with the requirement 12.3.8, After a specific period if inactivity
usage policies must be defined to auto-
matically disconnect remote-access sessions.
When should the remote-access sessions be
disconnected?
16. the following statements is correct regarding PA-DSS compliant payment applica-
a PA-DSS application? tions are in scope for the merchant's PCI
DSS assessment
17. What does it mean if a suspected card num- It is definitely a valid PAN
ber passes Mod 10?
, PCIP exam questions
Study online at https://quizlet.com/_h7dmgt
18. Which of the following is correct related to Track 1 contains all the field of both
the tracks of the data on the magnetic stripe Track 1 and Track 2
of a payment card?
19. Which of the following is a responsibility of Define validation requirements of ASVs
the PCI SSC? (Approved scanning vendors
20. When should penetration testing be per- At least annually, and after any signifi-
formed? cant changes to infrastructure or appli-
cations
21. How often are risk assessments required? At least annually
22. This statement about the transaction process The card holder receives the type of
is true payment, the card, and the bills from
the issuers
23. Which of the following statements accurately A service provider processes, stores, or
describes the service providers? transmits card holder's data on the be-
half of another entity
24. A service provider with no electric cardholder SAQ B
data storage may be eligible to complete the
SAQ?
25. SAQ A If your organization only accepts
card-not-present transactions (e-com-
merce or phone/mail order)
If the processing of cardholder data is
entirely outsourced to third-party ser-
vice providers approved by PCI DSS
Your organization does not electronical-
ly store, process, or transmit any card-