Which of the following items are included in the Compensating Controls worksheet?
Constraints, objectives, identified risks and definition of compensating controls.
Which of the following items CANNOT be stored?
PIN
The process of isolating the cardholder data environment from the remainder of an entity's network is called?
Network segmentation
For those entities that outsource storage, processing or transmission of cardholder data to third party service providers, which of the following must be completed?
Report on Compliance (ROC)
Which of the following is NOT a part of the Report on Compliance?
None of the above
The first step of a PCI assessment is to:
Determine the scope of the review
Steps to reducing the scope of the cardholder data environment may include all items below EXCEPT:
Purge all data that is older than 1 week
Before wireless technology is implemented:
An entity should carefully evaluate the need for the technology against the risk
The P2PE Standard covers:
Encryption, decryption, and key management within secure cryptographic devices
The PCI DSS applies to any entity that ____, _____, or _____ cardholder data.
stores, processes, transmits
The PCI DSS standard follows a defined ________ lifecycle.
36 month
Which of the below functions is associated with Acquirers?
All of the options
Which of the following entities will actually approve a purchase?
Issuing Bank
Which of the following lists the correct "order" for the flow of a payment card transaction?
Authorization, Clearing, Settlement
Service providers include companies which ______ or could _______ the security of cardholder data.
control, impact
Cardholder Data may be stored in "KNOWN" and "UNKNOWN" locations.
True
Storing Track Data "Long-term" or "persistently" may be permitted if _________.
it is being stored by issuers
PCI DSS Requirement 3.4 states the PAN must be rendered unreadable when stored, using _________.
Encryption, Hashing, or Truncation
Requirement 2.2.2 states "Enable only necessary and secure services, protocols, daemons, etc., as required for the function of the system". Which of the following is considered secure?
SSH
When scoping an environment for a PCI DSS assessment, it is important to identify __________.
All of the options.
Merchants involved with only e-commerce transactions that are completely outsourced to a PCI DSS compliant service provider would use which SAQ?
SAQ A
Imprint-Only Merchants with no electronic storage of cardholder data would use which SAQ?
SAQ B
When a service provider has been defined by a payment brand as eligible to complete a SAQ, which SAQ is used?
SAQ D
Information Supplements provided by the PCI SSC may "supersede" requirements.
False
If virtualization technologies are used in a cardholder data environment, PCI DSS requirements apply to those virtualization technologies.
True