AQSA Certification Exam Rated A+ 2024
A merchant only accepts payments via the telephone, and they enter the cardholder data
directly into a webpage provided by their acquirer. Which SAQ is most likely to be the one the
merchant should use? - ANSWER-SAQ-C
A visitor - ANSWER-refers to a vendor, guest of any onsite personnel, service workers, or
anyone who needs to enter the facility for a short duration, usually not more than one day.
Acceptable 16 digit PAN with 8 digit BIN Truncation Formats for MasterCard are -
ANSWER-At least 6 digits removed, "First 6, any other 4"
Account data consists of ____________ and _______________? - ANSWER-Cardholder
data and sensitive authentication data
Acquirer - ANSWER-Bank or entity the merchant uses to process their payment card
transactions. AKA merchant bank, ISO (sometimes), payment brand (Amex, Discover,
and JCB). Never VISA or MasterCard
Appendix A2 - ANSWER-Additional PCI DSS Requirement for Entities using SSL/early
TLS
Appendix A3 - ANSWER-Designated Entities Supplemental Validation (DESV). An entity
is required to undergo an assessment according to this appendix only if instructed to do so
by an acquirer or a payment brand.
As defined in PCI DSS requirement 1.2, firewall and router configurations must restrict
connections between which of the following? - ANSWER-Corporate networks and the
cardholder data environment
As defined in requirement 8, what is the minimum complexity of user passwords? -
ANSWER-7 characters, both alphabetic and numeric characters
Authorization of a transaction usually takes place when? - ANSWER-at the time of
purchase
Card Production standards - ANSWER-establish minimum security levels for card vendors
involved in payment card manufacturing, card personalization, pre-personalization, chip
embedding, data preparation, and fulfillment.
Cardholder - ANSWER-is the person that actually has the payment card. They are going to
purchase goods either through a card-present or a card-not-present transaction.
Cardholder data includes what? - ANSWER-Primary account number (PAN), Cardholder
name, Expiration Date, and Service code
Compensating controls must: - ANSWER-meet the intent and rigor of the original control.
Provide similar defense as the original requirement. Go "above and beyond" other PCI DSS
requirements. May be suitable for use year-after-year as long as each control is
evaluated on its own merit for each assessment.
Contains all fields of Track 2 plus the cardholder's name and additional fields for
proprietary use by the card issuer. It is the longer track, up to 79 characters - ANSWER-
Track 1
Describe the basic overview of the payment processing workflow - ANSWER-
1. cardholders that make payment card purchases from merchants,
2. merchants that send payment transaction data to their acquirers, and
3. acquirers that send payment transaction data through the payment network to the issuer.
4. The issuer is the one that actually issues the card to the cardholder and, each time the cardholder makes a purchase,
5. it is the issuer that provides the transaction authorization or declination to the merchant's acquiring bank.
Discover Compliance Program is called ______________. - ANSWER-Information
Security Compliance
Dual control - ANSWER-requires two or more people to perform a function, and no single
person can access or use the authentication materials of another.
Encrypting sensitive authentication data removes it from PCI DSS scope. (T/F?) -
ANSWER-False
Entities involved in payment card processing via mobile devices (like a phone or tablet)
can reduce the risks to the security of cardholder data by: - ANSWER-Encrypting account
data at the point of capture using an approved point of interaction device.
Entities who handle point-of-sale devices must: - ANSWER-verify the identity of any third-
party persons claiming to be repair or maintenance personnel.
Fill in the blank: Stateful firewalls are .......................... for connections into the CDE. -
ANSWER-Required
Goal 1 - ANSWER-Build and maintain a secure network and system