Answers
Methods for stealing payment card data - answer Includes physical skimming,
malware and weak passwords.
The PCI DSS applies to: - answer Any entity that stores, processes, or transmits
payment card account data.
The P2PE standard covers: - answer Encryption, decryption, and key management
requirements for point-to-point encryption solutions.
The standard for validating off-the-shelf payment applications used in authorization and
settlement - answer PA-DSS (Payment Application Data Security Standard). PA-DSS
is the standard used by PA-QSAs to validate payment applications.
Merchants using PA-DSS validated payment applications are automatically PCI DSS
compliant - answer False - Using PA-DSS validated applications is not the only
requirement for a merchant to become PCI DSS compliant.
Which of the below functions is associated with acquirers? - answer Acquirers are
involved in authentication, clearing and settlement for their merchant.
Which of the following entities will ultimately approve a purchase? - answer The
issuer
In which step does the payment brand network provide complete recognition to the
merchant's bank? - answer During clearing, the processor provides complete
reconciliation to the merchant's bank.
A company that (blank) is considered to be a service provider. - answer
controls or could impact the security of cardholder data.
Which of the following are examples of service providers? - answer Data
Center Hosting Providers, Payment Gateways, and Independent Sales Organizations
(ISOs) or External Sales Agents (ESAs).
Which of the following are parts of the Payment Brand role? - answer Developing
and enforcing compliance programs, accepting validation documentation from approved
QSA, PA-QSA, and ASV companies and their employees, and endorsing QSA, PA-QSA,
and ASV company qualification criteria.
Merchant obligations may include submitting their compliance status to multiple entities. -
answer True - Merchants may have to submit to multiple entities.
Level 1 and Level 2 merchants must include (blank) as part of their PCI DSS
compliance validation reporting process. - answer Quarterly external vulnerability
scans performed by an Approved Scanning Vendor (ASV). Level 2 merchants
may use an SAQ to validate compliance.
SAQ D - answer Service provider using only a web-based virtual terminal.
SAQ A - answer MO/TO merchant with all payment functions outsourced to a
compliant service provider.
SAQ C - answer Merchant with a standalone payment application connected to the
internet.
SAQ B - answer Merchant with only card-present dial-out terminals.
SAQ P2PE - answer Merchant using a validated P2PE solution listed on the
PCI SSC website.
SAQ A-EP - answer An online merchant with a payment page that accepts
cardholder data but transmits the data to a PCI DSS-compliant service provider.
SAQ A - answer An online merchant that displays a PCI DSS-compliant service
provider's payment page in an IFRAME; all page content is from the PSP.
SAQ B-IP - answer Merchants using an end-to-end encryption (E2EE) solution that
utilizes PCI PTS-approved POI devices which communicate with the acquirer over an IP
network.
Which of the following could PA-DSS apply to? - answer Third-party, off-the-shelf
payment application - PA-DSS only applies to applications that store, process, or
transmit cardholder data for authorization or settlement, and are sold, licensed, or
distributed off-the-shelf to third parties.
Use of a Qualified Integrator/Reseller (QIR): - answer A good step toward PCI DSS
compliance.
The presumption of P2PE is that: - answer Data cannot be decrypted between the
source and the destination point.
Which entity is responsible for developing and enforcing compliance programs? -
answer Payment Brands.