PCIP EXAM 2023-2024 ACTUAL EXAM 150 QUESTIONS AND CORRECT ANSWERS/PAYMENT CARD
INDUSTRY PROFESSIONAL NEWEST EXAM
acquirer - (answer) party is responsible for merchant compliance validation and merchant
communications
Which statement is correct regarding the internal vulnerability scans and/or rescans? - (answer) They
must be performed after an upgrade to a server that impacts the cardholder data environment
When confirming PCI DSS requirements have been met, assessors must always use which of the
following? - (answer) independent judgment
Typical locations where track data may be found include which of the following? - (answer) databases
and log files from point-of-sales terminals
Which of the following statements about "flat networks" is true? - (answer) All systems on flat network
are in scope for the PCI DSS assessments
If network segmentation is being used to reduce the scope of the PCI DSS assessment, what must the
assessor verify? - (answer) All controls used for segmentation are configured properly
PCI DSS requirement 10.2 defines the types of events to be logged. - (answer) Audit trails, user
identification, type of event, date and time, success and failure indications, source IP address (origination
of event), data and systems touched, time synchronization technology in use.
The payment card brands are responsible for which of the following? - (answer) Penalties or fee
assignment for non-compliance
Which of the following is related to the use of EMV chip technology? - (answer) PCI DSS applies to
environments using EMV chip technology
In order for PCI DSS scope to be reduced, what must adequate network segmentation do? - (answer)
Isolate systems that store, process, or transmit cardholder data from those that do not
, PCIP EXAM 2023-2024 ACTUAL EXAM 150 QUESTIONS AND CORRECT ANSWERS/PAYMENT CARD
INDUSTRY PROFESSIONAL NEWEST EXAM
The Mod 10 formula doubles the value of every other digit of the primary account number beginning
with which digit? - (answer) Second from the right
What is the Mod 10 or Luhn formula? - (answer) The algorithm used to validate PAN (primary account
numbers)
What is required regarding the entity sharing cardholder data with a service provider? - (answer) The
entity must have an established process of engaging service provider, including proper due diligence
prior to engagement
Who is responsible for setting compliance deadlines and fines? - (answer) Payment brands
In accordance with the requirement 12.3.8, usage policies must be defined to automatically disconnect
remote-access sessions. When should the remote-access sessions be disconnected? - (answer) After a
specific period if inactivity
the following statements is correct regarding a PA-DSS application? - (answer) PA-DSS compliant
payment applications are in scope for the merchant's PCI DSS assessment
What does it mean if a suspected card number passes Mod 10? - (answer) It is definitely a valid PAN
Which of the following is correct related to the tracks of the data on the magnetic stripe of a payment
card? - (answer) Track 1 contains all the field of both Track 1 and Track 2
Which of the following is a responsibility of the PCI SSC? - (answer) Define validation requirements of
ASVs (Approved scanning vendors
When should penetration testing be performed? - (answer) At least annually, and after any significant
changes to infrastructure or applications
How often are risk assessments required? - (answer) At least annually
INDUSTRY PROFESSIONAL NEWEST EXAM
acquirer - (answer) party is responsible for merchant compliance validation and merchant
communications
Which statement is correct regarding the internal vulnerability scans and/or rescans? - (answer) They
must be performed after an upgrade to a server that impacts the cardholder data environment
When confirming PCI DSS requirements have been met, assessors must always use which of the
following? - (answer) independent judgment
Typical locations where track data may be found include which of the following? - (answer) databases
and log files from point-of-sales terminals
Which of the following statements about "flat networks" is true? - (answer) All systems on flat network
are in scope for the PCI DSS assessments
If network segmentation is being used to reduce the scope of the PCI DSS assessment, what must the
assessor verify? - (answer) All controls used for segmentation are configured properly
PCI DSS requirement 10.2 defines the types of events to be logged. - (answer) Audit trails, user
identification, type of event, date and time, success and failure indications, source IP address (origination
of event), data and systems touched, time synchronization technology in use.
The payment card brands are responsible for which of the following? - (answer) Penalties or fee
assignment for non-compliance
Which of the following is related to the use of EMV chip technology? - (answer) PCI DSS applies to
environments using EMV chip technology
In order for PCI DSS scope to be reduced, what must adequate network segmentation do? - (answer)
Isolate systems that store, process, or transmit cardholder data from those that do not
, PCIP EXAM 2023-2024 ACTUAL EXAM 150 QUESTIONS AND CORRECT ANSWERS/PAYMENT CARD
INDUSTRY PROFESSIONAL NEWEST EXAM
The Mod 10 formula doubles the value of every other digit of the primary account number beginning
with which digit? - (answer) Second from the right
What is the Mod 10 or Luhn formula? - (answer) The algorithm used to validate PAN (primary account
numbers)
What is required regarding the entity sharing cardholder data with a service provider? - (answer) The
entity must have an established process of engaging service provider, including proper due diligence
prior to engagement
Who is responsible for setting compliance deadlines and fines? - (answer) Payment brands
In accordance with the requirement 12.3.8, usage policies must be defined to automatically disconnect
remote-access sessions. When should the remote-access sessions be disconnected? - (answer) After a
specific period if inactivity
the following statements is correct regarding a PA-DSS application? - (answer) PA-DSS compliant
payment applications are in scope for the merchant's PCI DSS assessment
What does it mean if a suspected card number passes Mod 10? - (answer) It is definitely a valid PAN
Which of the following is correct related to the tracks of the data on the magnetic stripe of a payment
card? - (answer) Track 1 contains all the field of both Track 1 and Track 2
Which of the following is a responsibility of the PCI SSC? - (answer) Define validation requirements of
ASVs (Approved scanning vendors
When should penetration testing be performed? - (answer) At least annually, and after any significant
changes to infrastructure or applications
How often are risk assessments required? - (answer) At least annually
