PCIP Exam Questions
With Correct Answers
100% 2024 Complete
The PCI DSS applies to all entities that store, process, and/or transmit cardholder
... [Show More]
data. It covers technical
and operational system components included in or connected to cardholder data. If you
accept or process payment cards, PCI DSS applies to you.
Sensitive Authentication Data
Merchants, service providers, and other
entities involved with payment card processing must never store sensitive
authentication data after
authorization. This includes the 3- or 4- digit security code printed on the front or back
of a card (CVD), the data stored on a card's magnetic stripe or chip (also called "Full
Track Data") - and personal identification numbers (PIN) entered by the cardholder.
Card Verification Data Codes (CVD)
3 or 4 digit code that further authenticates a not-present cardholder
Visa-CVV2
MC- CVC2
Discover- CVD
JCB-CAV2
AmEx- CID
Requirement 1
Install and maintain a firewall configuration to protect cardholder data
Network devices in scope for Requirement 1
Firewalls and Routers- Routers connect traffic between
networks, Firewalls control the traffic between networks and within internal network
QIR Qualified Integrators & Resellers
Qualified Integrators & Resellers- authorized by the SSC to implement, configure
and/or support PA-DSS payment applications. Visa requires all level 4 merchants use
QIRs for POS application and terminal installation and servicing
Compensating Controls
An alternative control, put in place to satisfy the requirement for a security measure
that is deemed too difficult or impractical to implement at the present time.
Permitted reasons for using Compensating Controls
Organizations needing an alternative to security requirements that could not be met due
to legitimate technological OR documented business constraints, but
has sufficiently mitigated the risk associated with the requirement through
implementation of other compensating controls
Examples of Compensating Controls
(i) Segregation of Duties (SOD) and (ii) Encryption
Compensating Controls must:
1) Meet the intent and rigor of the original stated requirement; [Show Less]