PCI ISA EXAM QUESTIONS AND ANSWERS
1. Types of Account Data - Cardholder Data - ANSWER: PAN, Cardholder
Name, Expiration Date
2. Types of Account Data - Sensitive Authentication Data (SAD) - ANSWER: Full
track data (magnetic stripe or chip), card verification code, and PINs
3. Cardholder - ANSWER: Purchaser
4. Merchant - ANSWER: accepts the cardholder information for purchase;
merchant levels based on payment brand
5. Acquirer - ANSWER: Merchant's Bank
6. Payment Brand Network - ANSWER: Facilitates the transfer
7. Issuer - ANSWER: Cardholder's Bank
8. Service Providers (TPSPs) - ANSWER: Directly involved in the processing,
storage, or transmission of cardholder data on behalf of another entity. If the
TPSP can decrypt the data or has access to decryption keys, then it is in scope
9. Requirement #1 - ANSWER: Install and Maintain Network Security Controls
10. Requirement #2 - ANSWER: Apply secure configurations to all system
components
11. Requirement #3 - ANSWER: Protect Stored Account Data
12. Requirement #4 - ANSWER: Protect cardholder Data with strong cryptography
13. Requirement #5 - ANSWER: Protect all systems and networks from Malicious
Software
14. Requirement #6 - ANSWER: Develop and maintain secure systems and
software
15. Requirement #7 - ANSWER: Restrict Access to system components and
cardholder data by business need to know
16. Requirement #8 - ANSWER: Identify users and authenticate access to system
components
17. Requirement #9 - ANSWER: Restrict physical access to cardholder data