PCI DSS Requirement 1 correct answers Install and maintain a firewall configuration to
protect cardholder data
PCI DSS Requirement 2 correct answers Do not use vendor-supplied defaults for system
passwords and other security parameters
PCI DSS Requirement 3 correct answers Protect stored cardholder data by enacting a formal
data retention policy and implementing secure deletion methods
PCI DSS Requirement 4 correct answers Protect cardholder data during transmission over
the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.)
PCI DSS Requirement 5 correct answers Use and regularly update anti-virus software or
programs
PCI DSS Requirement 6 correct answers Develop and maintain secure systems and
applications
PCI DSS Requirement 7 correct answers Restrict access to cardholder data by business need
to know
PCI DSS Requirement 8 correct answers Assign a unique ID to each person with computer
access
PCI DSS Requirement 9 correct answers Restrict physical access to cardholder data
PCI DSS Requirement 10 correct answers Track and monitor all access to network resources
and cardholder data
PCI DSS Requirement 11 correct answers Regularly test security systems and processes with
wireless scans, vulnerability scans, log audits, ASV (Approved Scanning Vendor)
PCI DSS Requirement 12 correct answers Maintain a policy that addresses information
security for all personnel
ASV (Approved Scanning Vendor) correct answers Company approved by the PCI SSC to
conduct external vulnerability scanning services.
PCI Data Security Standards (PCI DSS) correct answers Covers the security of the
environments that store, process or transmit account data.
Environments receive account data from payment applications and other sources (e.g.
acquirers)
PCI Payment Application Data Security Standards (PCI PA-DSS) correct answers Covers
secure payment applications to support PCI DSS compliance.
Applies to third-party payment applications if the application performs authorization and/or
settlement (POS, shopping carts, etc.)
Ensures a payment application can function in a PCI DSS compliant manner
PA-DSS applications are in scope for PCI DSS
Payment application receives account data from PIN Entry Devices (PED) or other devices
and begins payment transaction
PCI PIN Transaction Security (PCI PTS) correct answers Covers device tamper detection,
cryptographic processes and other mechanisms to protect the Personal Identification Number
(PIN).
Encrypted PIN is passed to payment application or hardware terminal.
PCI-PTS - PIN Security correct answers Covers secure management, processing and
transmission of personal identification number data during online and offline payment card
transaction processing
PCI-PTS - HSM (Hardware Security Module or Host Security Module) correct answers A
physically and logically protected hardware device that provides a secure set of cryptographic
services, used for cryptographic key-management functions and/or the decryption of account
data. Not required by DSS, but may help with the management of keys.
PCI Point to Point Encryption (PCI P2PE) correct answers Covers encryption, decryption and
key management within secure cryptographic devices (SCD). Not a requirement but may
result in reduction of scope.
Secure Cryptographic Device (SCD) correct answers A set of hardware, software and
firmware that implements cryptographic processes (including cryptographic algorithms and
key generation) and is contained within a defined cryptographic boundary. Examples of
secure cryptographic devices include host/hardware security modules (HSMs) and point-of-
interaction devices (POIs) that have been validated to PCI PTS.
POI - Point of Interaction correct answers The initial point where data is read from a card. An
electronic transaction-acceptance product, a POI consists of hardware and software and is
hosted in acceptance equipment to enable a cardholder to perform a card transaction. The POI
may be attended or unattended. POI transactions are typically integrated circuit (chip) and/or
magnetic-stripe card-based payment transactions.
PCI Card Production correct answers Covers physical and logical security requirements for
systems and business processes associated with card personalization, PIN generation, PIN
mailers, and card carriers and distribution.
CDE - Cardholder Data Environment correct answers The people, processes and technology
that store, process, or transmit cardholder data or sensitive authentication data.
Relationship between PTS and PCI DSS correct answers DSS prevents the storage of
encrypted PIN blocks. PTS supports the PIN encryption so there's no overlap.