PCI ASV Program Guide Questions with Correct Answers Latest Update 2025-2026
Participating Payment Brands - Answers Brands that enforce compliance with PCI standards
PCI DSS compliance - Answers Adhering to requirements, mandates, or dates for PCI DSS
Fines or penalties - Answers Consequences for non-compliance with PCI standards
PCI SSC - Answers Organization maintaining payment card industry standards
ASV Program Guide - Answers Documentation for the ASV Program
ASV Qualification Requirements - Answers Requirements for ASVs to perform vulnerability
scans
ASV Companies - Answers Companies qualified to perform external vulnerability scans
ASV Employees - Answers Employees trained to perform external vulnerability scans
List of Approved Scanning Vendors - Answers List maintained by PCI SSC of approved scanning
vendors
Quality assurance program - Answers Program to ensure quality of ASVs
External vulnerability scans - Answers Scans performed by ASVs to identify vulnerabilities
PCI DSS Requirement 11.3.2 - Answers Requirement for performing external vulnerability scans
Scan customer environment - Answers The system or network being scanned by ASVs
IP address ranges - Answers Ranges of IP addresses to be scanned
Active components and services - Answers Components and services identified during scanning
Scan scope - Answers The extent of the scanning process
Compensating controls - Answers Alternate measures to address vulnerabilities
Report on Compliance (ROC) - Answers Documentation demonstrating compliance with PCI
DSS
QSA Program - Answers Program for Qualified Security Assessors
Scan customer's acquirer(s) - Answers Entity responsible for acquiring scan reports
Scan customer's Internet service provider (ISP) - Answers Provider of internet services to the
scan customer
Scan customer's hosting providers - Answers Providers hosting the scan customer's
Participating Payment Brands - Answers Brands that enforce compliance with PCI standards
PCI DSS compliance - Answers Adhering to requirements, mandates, or dates for PCI DSS
Fines or penalties - Answers Consequences for non-compliance with PCI standards
PCI SSC - Answers Organization maintaining payment card industry standards
ASV Program Guide - Answers Documentation for the ASV Program
ASV Qualification Requirements - Answers Requirements for ASVs to perform vulnerability
scans
ASV Companies - Answers Companies qualified to perform external vulnerability scans
ASV Employees - Answers Employees trained to perform external vulnerability scans
List of Approved Scanning Vendors - Answers List maintained by PCI SSC of approved scanning
vendors
Quality assurance program - Answers Program to ensure quality of ASVs
External vulnerability scans - Answers Scans performed by ASVs to identify vulnerabilities
PCI DSS Requirement 11.3.2 - Answers Requirement for performing external vulnerability scans
Scan customer environment - Answers The system or network being scanned by ASVs
IP address ranges - Answers Ranges of IP addresses to be scanned
Active components and services - Answers Components and services identified during scanning
Scan scope - Answers The extent of the scanning process
Compensating controls - Answers Alternate measures to address vulnerabilities
Report on Compliance (ROC) - Answers Documentation demonstrating compliance with PCI
DSS
QSA Program - Answers Program for Qualified Security Assessors
Scan customer's acquirer(s) - Answers Entity responsible for acquiring scan reports
Scan customer's Internet service provider (ISP) - Answers Provider of internet services to the
scan customer
Scan customer's hosting providers - Answers Providers hosting the scan customer's
