PCI Study Master Set Questions with Answers (100% Correct Answers)
PCI DSS— Answer: Payment Card Industry Data Security Standard
For consistent data security measures globally
12 requirements in six groups
PCI DSS is a minimum set of controls
It is a contractual agreement, not a standard
PCI-DSS only applies if PANs are stored, processed or transmitted
PCI Goal 1— Answer: Build and Maintain a secure network
PCI Goal 2— Answer: Protect Card Holder Data
PCI Goal 3— Answer: Maintain a vulnerability program
PCI Goal 4— Answer: Implement strong Access control measures
PCI Goal 5— Answer: Regularly Monitor and Test networks
© 2025 All rights reserved
PCI Goal 6— Answer: Maintain an Information Security Policy
Cardholder data— Answer: Primary Account Number (PAN)
Cardholder name
Expiration date
Service Code
Sensitive Authentication Data— Answer: Magnetic stripe data or equivalent on a chip
CAV2/CVC2/CVV2/CID
PINs / PIN Blocks
PA-DSS— Answer: Payment Application Data Security Standard
PA-DSS applies to software sold "off the shelf" by 3rd parties
PA-DSS does not apply to applications developed by merchants and service providers for use in-house. (this is covered by PCI-DSS)
Scope— Answer: Is a primary requirement
cardholder data flows help set scope
business practices and processes need careful consideration and may need re-engineering.
Network Segmentation is— Answer: Recommended to reduce scope and risk
When can Wireless be used?— Answer: Use only for non-sensitive data
Carefully consider the Risk
MUST be tested
Service Providers— Answer: Need their own PCI-DSS compliance or will have their services reviewed as part of their customers' audits.
The Report on Compliance (ROC) documents the role of each service provider.
Sampling— Answer: Sampling of Business Facilities / System components is allowed, however all applicable PCI DSS requirements must be considered.