Exam (elaborations)
PCI Knowledge Check v2 Questions and Answers 2024
- Course
- Institution
PCI Knowledge Check v2
[Show more]
Content preview
PCI Knowledge Check v2Methods for stealing payment card data - answer Includes physical skimming, malware
and weak passwords.
The PCI DSS applies to: - answer Any entity that stores, processes, or transmits
payment card account data.
The P2PE standard covers: - answer Encryption, decryption, key management
requirements for point-to-point encryption solutions.
The standard for validating off-the-self payment applications used in authorization and
settlement – answer PA-DSS (Payment Application Data Security Standard) PA-DSS is
the standard used by PA-QSAs to validate payment applications.
Merchants using PA-DSS validated payment applications are automatically PCI DSS
compliant - answer False - Using PA-DSS validated applications is not the only
requirement for a merchant to become PCI DSS Compliant.
Which of the below functions is associated with acquirers? - answer Acquirers are
involved in authentication, clearing and settlement for their merchant.
Which of the following entities will ultimately approve a purchase? - answer The issuer
In which step does the payment brand network provide complete recognition to the
merchant's bank. - answer During clearing, the processor provides complete
reconciliation to the merchant's bank.
A company that (blank) is considered to be a service to be a service provider. - answer
controls impact the security of cardholder data.
Which of the following are parts of the examples of service providers? - answer Data
Center Hosting Provides, Payment Gateways. and Independent Sales Organizations
(ISOs) or External Sales Agents (ESAs).
Which of the following are parts of the Payment Brand role? - answer Developing and
enforcing compliance programs, accepting validation documentation from approved
QSA, PA-QSA, and ASV companies and their employees, and endorsing QSA, PA-
QSA, and ASV company qualification criteria.
Merchant obligation may include submitting their compliance status to multiple entities. -
answer True - Merchants may have to submit to multiple entities.
, Level 1 and Level 2 merchants must include (blank) as part of their PCI DSS
compliance validation reporting process? - answerQuarterly external vulnerability scans
to be performed by an (ASV) Approved Scanning Vendor. Level 2 merchants may use
SAQ validate compliance.
SAQ D - answerService provider using only web based virtual terminal
SAQ A - answerMO/TO merchant with all payment functions outsourced to a compliant
service provider
SAQ C - answerMerchant with standalone payment application connected to the
internet
SAQ B - answerMerchant with only card-present dial-out terminals.
SAQ P2PE - answerMerchant who is using a validated P2PE solution listed on the PCI
SSC Website
SAQ A-EP - answerAn online merchant with a payment page that accepts cardholder
data, but transmits the data to a PCI DSS-compliant service provider
SAQ A - answerAn online merchant that displays a PCI DSS compliant service
providers payment page IFRAME, All page content is from the PSP.
SAQ B-IP - answerMerchants using an end-to-end encryption solution (E2EE) that
utilizes PCI PTS-Approved POI devices with communicate with acquirer over an IP
Network.
Which of the following could PA-DSS apply to? - answerThird party - off-the-self
payment application - PA-DSS only applies to applications that store, process, or
transmits cardholder data for authorization or settlement, and are sold, licensed or
distributed off-the-self to third parties.
Use of Qualified Integrator/Reseller(QIR) : - answerA good step toward PCI DSS
compliance.
The presumption of P2PE is that: - answerData cannot be decrypted between the
source and the destination point
Which entity is responsible for developing and enforcing compliance programs? -
answerPayment Brands.
Which entity is responsible for forensic investigations of account data? - answerThe
Payment Brands.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller jw638729. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
80467 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now