PCI DSS Requirement 1 correct answers Install and maintain a firewall configuration to
protect cardholder data
PCI DSS Requirement 2 correct answers Do not use vendor supplied defaults for system
passwords and other security parameters
PCI DSS Requirement 3 correct answers Protect stored cardholder data by enacting a formal
data retention policy and implement secure deletion methods
PCI DSS Requirement 4 correct answers Protect Cardholder Data during transmission over
the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.)
PCI DSS Requirement 5 correct answers Use and regularly update anti-virus software or
programs
PCI DSS Requirement 6 correct answers Develop and maintain secure systems and
applications
PCI DSS Requirement 7 correct answers Restrict access to cardholder data by business need
to know
PCI DSS Requirement 8 correct answers Assign a unique ID to each person with computer
access
PCI DSS Requirement 9 correct answers Restrict physical access to cardholder data
PCI DSS Requirement 10 correct answers Track and monitor all access to network resources
and cardholder data
PCI DSS Requirement 11 correct answers Regularly test security systems and processes with
wireless scans, vulnerability scans, log audits, ASV (Approved Scanning Vendor)
PCI DSS Requirement 12 correct answers Maintain a policy that addresses information
security for all personnel
PCI Data Security Standards (PCI DSS) correct answers "Covers the security of the
environments that store, process, or transmit account data.
Environments receive account data from payment applications and other sources (e.g.
acquirers)"
"PCI Payment Application Data Security Standards
(PCI PA-DSS)" correct answers "Covers secure payment applications to support PCI DSS
compliance.
Payment application receives account data from PIN Entry Devices (PED) or other devices
and begins payment transaction"
PCI PIN Transaction Security (PCI PTS) correct answers "Covers device tamper detection,
cryptographic processes, and other mechanisms to protect the Personal Identification Number
(PIN).
An encrypted PIN is passed to payment application or hardware terminal."
PCI PIN Security correct answers Covers secure management, processing and transmission of
personal identification number data during online and offline payment card transaction
processing
PCI Point to Point Encryption (PCI P2PE) correct answers Covers encryption, decryption and
key management within secure cryptographic devices (SCD).
CDE correct answers Cardholder Data Environment
Relationship between PTS and PCI DSS correct answers DSS prevents the storage of
encrypted PIN blocks. PTS supports the PIN encryption so there's no overlap.
Relationship between PCI DSS and PA-DSS correct answers "Payment applications must
support and not hinder PCI DSS compliance
PCI DSS requirements mirrored in many payment application requirements in PA-DSS"
Relationship between PCI DSS and P2PE correct answers "Incorporates requirements from
PIN Transaction Security, PCI DSS, PA-DSS, and PCI PIN to protect CHD from the point of
capture until it reaches the payment processor.
Properly implemented, validated P2PE solutions may help reduce the scope of a merchant's
PCI DSS assessment."
CHD correct answers Card Holder Data
PA-DSS applies to third party payment applications correct answers if application performs
authorization and/or settlement (POS, shopping carts, etc.)
PA-DSS ensures a payment application functions correct answers in a PCI DSS compliant
manner by supporting the compliance of those that use the application.
Use of a PA-DSS application alone correct answers does not guarantee PCI DSS compliance.
Assessor must validate that payment application is installed correct answers per instructions
in the PA-DSS implementation Guide provided by payment application vendor and in a PCI
DSS compliant manner.
PTS requirements apply to: correct answers Point of Interaction (POI) devices
Encrypting PIN Pads (EPP)
Point of Sale devices (POS)
Hardware/host Security Modules (HSM)
Unattended Payment Terminals (UPT)
non-PIN entry modules