PCI Knowledge Check v2 || Answered Accurately.
Methods for stealing payment card data correct answers Includes physical skimming,
malware and weak passwords.
The PCI DSS applies to: correct answers Any entity that stores, processes, or transmitts
payment card account data.
The P2PE standard covers: correct answers Encryption, decryption, key management
requirements for point to point encryption solutions.
The standard for validating off-the-self payment applications used in authorization and
settlement correct answers PA-DSS (Payment Application Data Security Standard) PA-DSS
is the standard used by PA-QSAs to validate payment applications.
Merchants using PA-DSS validated payment applications are automatically PCI DSS
compliant correct answers False - Using PA-DSS validated applications is not the only
requirement for a merchant to become PCI DSS Compliant.
Which of the below functions is associated with acquirers? correct answers Acquirers are
involved in authentication, clearing and settlement for their merchant.
Which of the following entities will ultimately approve a purchase? correct answers The
issuer
In which step does the payment brand network provide complete recognition to the
merchant's bank. correct answers During clearing, the processor provides complete
reconciliation to the merchant's bank.
A company that (blank) is considered to be a service to be a service provider. correct answers
controls impact the security of cardholder data.
Which of the following are parts of the examples of service providers? correct answers Data
Center Hosting Provides, Payment Gateways. and Independent Sales Organizations (ISOs) or
External Sales Agents (ESAs).
Which of the following are parts of the Payment Brand role? correct answers Developing and
enforcing compliance programs, accepting validation documentation from approved QSA,
PA-QSA, and ASV companies and their employees, and endorsing QSA, PA-QSA, and ASV
company qualification criteria.
Merchant obligation may include submitting their compliance status to multiple entities.
correct answers True - Merchants may have to submit to multiple entities.
Level 1 and Level 2 merchants must include (blank) as part of their PCI DSS compliance
validation reporting process? correct answers Quarterly external vulnerability scans to be
performed by an (ASV) Approved Scanning Vendor. Level 2 merchants may use SAQ
validate compliance.
SAQ D correct answers Service provider using only web based virtual terminal
, SAQ A correct answers MO/TO merchant with all payment functions outsourced to a
compliant service provider
SAQ C correct answers Merchant with standalone payment application connected to the
internet
SAQ B correct answers Merchant with only card-present dial-out terminals.
SAQ P2PE correct answers Merchant who is using a validated P2PE solution listed on the
PCI SSC Website
SAQ A-EP correct answers An online merchant with a payment page that accepts cardholder
data, but transmits the data to a PCI DSS-compliant service provider
SAQ A correct answers An online merchant that displays a PCI DSS compliant service
providers payment page IFRAME, All page content is from the PSP.
SAQ B-IP correct answers Merchants using an end-to-end encryption solution (E2EE) that
utilizes PCI PTS-Approved POI devices with communicate with acquirer over an IP
Network.
Which of the following could PA-DSS apply to? correct answers Third party - off-the-self
payment application - PA-DSS only applies to applications that store, process, or transmits
cardholder data for authorization or settlement, and are sold, licensed or distributed off-the-
self to third parties.
Use of Qualified Integrator/Reseller(QIR) : correct answers A good step toward PCI DSS
compliance.
The presumption of P2PE is that: correct answers Data cannot be decrypted between the
source and the destination point
Which entity is responsible for developing and enforcing compliance programs? correct
answers Payment Brands.
Which entity is responsible for forensic investigations of account data? correct answers The
Payment Brands.
Account data consists of (blank) and (blank)? correct answers Cardholders data and Sensitive
Authentication Data (SAD).
Storing track data is permitted when(blank) correct answers It is being stored by issuers.
When scoping an environment for PCI DSS, it is important to identify (blank) correct
answers The role played by Payment Brands include developing and enforcing compliance
programs, accepting validation documentation from QSA, PA-QSA, ASV companies and
their employees and endorsing QSA, PA-QSA, and ASV company criteria.
Methods for stealing payment card data correct answers Includes physical skimming,
malware and weak passwords.
The PCI DSS applies to: correct answers Any entity that stores, processes, or transmitts
payment card account data.
The P2PE standard covers: correct answers Encryption, decryption, key management
requirements for point to point encryption solutions.
The standard for validating off-the-self payment applications used in authorization and
settlement correct answers PA-DSS (Payment Application Data Security Standard) PA-DSS
is the standard used by PA-QSAs to validate payment applications.
Merchants using PA-DSS validated payment applications are automatically PCI DSS
compliant correct answers False - Using PA-DSS validated applications is not the only
requirement for a merchant to become PCI DSS Compliant.
Which of the below functions is associated with acquirers? correct answers Acquirers are
involved in authentication, clearing and settlement for their merchant.
Which of the following entities will ultimately approve a purchase? correct answers The
issuer
In which step does the payment brand network provide complete recognition to the
merchant's bank. correct answers During clearing, the processor provides complete
reconciliation to the merchant's bank.
A company that (blank) is considered to be a service to be a service provider. correct answers
controls impact the security of cardholder data.
Which of the following are parts of the examples of service providers? correct answers Data
Center Hosting Provides, Payment Gateways. and Independent Sales Organizations (ISOs) or
External Sales Agents (ESAs).
Which of the following are parts of the Payment Brand role? correct answers Developing and
enforcing compliance programs, accepting validation documentation from approved QSA,
PA-QSA, and ASV companies and their employees, and endorsing QSA, PA-QSA, and ASV
company qualification criteria.
Merchant obligation may include submitting their compliance status to multiple entities.
correct answers True - Merchants may have to submit to multiple entities.
Level 1 and Level 2 merchants must include (blank) as part of their PCI DSS compliance
validation reporting process? correct answers Quarterly external vulnerability scans to be
performed by an (ASV) Approved Scanning Vendor. Level 2 merchants may use SAQ
validate compliance.
SAQ D correct answers Service provider using only web based virtual terminal
, SAQ A correct answers MO/TO merchant with all payment functions outsourced to a
compliant service provider
SAQ C correct answers Merchant with standalone payment application connected to the
internet
SAQ B correct answers Merchant with only card-present dial-out terminals.
SAQ P2PE correct answers Merchant who is using a validated P2PE solution listed on the
PCI SSC Website
SAQ A-EP correct answers An online merchant with a payment page that accepts cardholder
data, but transmits the data to a PCI DSS-compliant service provider
SAQ A correct answers An online merchant that displays a PCI DSS compliant service
providers payment page IFRAME, All page content is from the PSP.
SAQ B-IP correct answers Merchants using an end-to-end encryption solution (E2EE) that
utilizes PCI PTS-Approved POI devices with communicate with acquirer over an IP
Network.
Which of the following could PA-DSS apply to? correct answers Third party - off-the-self
payment application - PA-DSS only applies to applications that store, process, or transmits
cardholder data for authorization or settlement, and are sold, licensed or distributed off-the-
self to third parties.
Use of Qualified Integrator/Reseller(QIR) : correct answers A good step toward PCI DSS
compliance.
The presumption of P2PE is that: correct answers Data cannot be decrypted between the
source and the destination point
Which entity is responsible for developing and enforcing compliance programs? correct
answers Payment Brands.
Which entity is responsible for forensic investigations of account data? correct answers The
Payment Brands.
Account data consists of (blank) and (blank)? correct answers Cardholders data and Sensitive
Authentication Data (SAD).
Storing track data is permitted when(blank) correct answers It is being stored by issuers.
When scoping an environment for PCI DSS, it is important to identify (blank) correct
answers The role played by Payment Brands include developing and enforcing compliance
programs, accepting validation documentation from QSA, PA-QSA, ASV companies and
their employees and endorsing QSA, PA-QSA, and ASV company criteria.
