Study guides, Class notes & Summaries

PCIP ACTUAL EXAM 200 QUESTIONS AND CORRECT ANSWERS 2023-2024 UPDATE ALREADY GRADED A+ WITH EXPERT FEEDBACK

PA-DSS - ans-Payment Application Data Security Standard (POS, shopping carts, etc.) PTS (POI) - ans-Pin Transaction Security Point of Interaction Standard (Attended and Unattended Devices) HSM (PIN) - ans-Hardware Security Module Pin Standard (not required but may assist in becoming compliant) P2PE - ans-Point to Point Encryption Standard (Most helpful standard to reduce scope) SRED - ans-Secure Read and Exchange Module allows terminals to be approved for secure encryp...

Which of the below functions is associated with Acquirers? A. Provide settlement services to a merchant B. Provide authorization services to a merchant C. Provide clearing services to a merchant D. All of the options - ans-Correct Answer: D Which of the following entities will actually approve a purchase? A. Non-Issuing Merchant Bank B. Issuing Bank C. Payment Transaction Gateway D. Acquiring Bank - ans-Correct Answer: B Which of the following lists the correc...

Can existing PCI DSS requirements be considered as compensating controls if they are already required for the item under review? - ans-NO What are reasons to consider using compensating controls? - ans-Legitimate technical constraints or documented business constraints Do PCI DSS requirements apply if virtualization is used in the CDE? - ans-YES P2PE encrypts data at source and decrypts at destination - ans-True A compensating control must __________________________ - ans-m...

How is skimming used to target PCI data? - ans-Copying payment card numbers by tampering with POS devices, ATMs, Kiosks or copying the magnetic stripe using handheld skimmers. How is phishing used to target PCI data? - ans-By doing reconnaissance work through social engineering and or breaking in using software vulnerabilities or e-mails. How can Payment Data be Monetized? - ans-By skimming the card to get the full track of data, and then making another like card. Using the card i...

PCI SSCs mission - ans-To enhance payment account data security by driving education and awareness of the PCI SSC security standards (the "PCI standards"). Adopted to help achieve the goal of PCI SSCs Mission - ans-Code of Professional Responsibility to help ensure that information security professional adhere to the highest standards of ethical and professional conduct. Adherence to the Code of Professional Responsibility (CPR) - ans-Helps ensure the safe handling of cardholder...

An Assessment Performed on ___ MUST include testing of the requirements that are currently best practice - ans-21st April 2025 Which of these describe a function of the security controls that must be implemented on a computing device to the CDE and untrusted networks? - ans-Include settings to prevent threats being introduced to the entity's network which of these should be secured a per req. 1.2.8? - ans-any file or setting used to configure NSCs when must secure configuratio...

Requirement 1 - ans-Install and maintain a firewall configuration to protect cardholder data Requirement 2 - ans-Do not use vendor supplied defaults for system passwords and other security parameters Requirement 3 - ans-Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods Requirement 4 - ans-Encrypt transmission of cardholder data across open, public networks Requirement 5 - ans-Protect all systems against malw...

PCI DSS Requirement 1 - ans-Install and maintain a firewall configuration to protect cardholder data PCI DSS Requirement 2 - ans-Do not use vendor supplied defaults for system passwords and other security parameters PCI DSS Requirement 3 - ans-Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods PCI DSS Requirement 4 - ans-Protected Cardholder Data during transmission over the internet, wireless networks or other ope...

How is skimming used to target PCI data? - ans-Copying payment card numbers by tampering with POS devices, ATMs, Kiosks or copying the magnetic stripe using handheld skimmers. How is phishing used to target PCI data? - ans-By doing reconnaissance work through social engineering and or breaking in using software vulnerabilities or e-mails. How can Payment Data be Monetized? - ans-By skimming the card to get the full track of data, and then making another like card. Using the card i...

Appendix A1: Additional PCI DSS Requirements for Shared Hosting Providers - ans-Requirement A1: Shared hosting providers must protect the cardholder data environment.Shared hosting providers must protect each entity's hosted environment and data. Therefore, shared hosting providers must additionally comply with the requirements in Appendix A1. A1 - Protect each entity's (that is, merchant, service provider, or other entity) hosted environment and data: - ans-Appendix A1 of PCI DSS is ...