This practice exam for the PCIP certification covers payment card industry security standards and best practices, including transaction flow, cardholder data security, and compensating controls. The multiple-choice questions with detailed explanations help candidates assess their understanding of the PCIP material and identify areas for improvement, making it a valuable resource for those preparing for the certification exam.
Typology: Exams
Which of the below functions is associated with Acquirers?
A. Provide settlement services to a merchant
B. Provide authorization services to a merchant
C. Provide clearing services to a merchant
D. All of the options
- Correct Answer: D

Which of the following entities will actually approve a purchase?
A. Non-Issuing Merchant Bank
B. Issuing Bank
C. Payment Transaction Gateway
D. Acquiring Bank
- Correct Answer: B

Which of the following lists the correct "order" for the flow of a payment card transaction?
A. Clearing, Settlement, Authorization
B. Clearing, Authorization, Settlement
C. Authorization, Clearing, Settlement
D. Authorization, Settlement, Clearing
- Correct Answer: C

Service Providers include companies which _____________ or could ______________ the security of cardholder data.
A. are PCI compliant, prove effective controls for
B. control, impact
C. manage, test
D. control, subrogate
- Correct Answer: B

Cardholder Data may be stored in "KNOWN" and "UNKNOWN" locations.
A. True
B. False
- Correct Answer: A

Storing Track Data "Long-Term" or "persistently" may be permitted if _______________.
A. it is being stored by issuers
B. it is reported to the PCI SSC annually in a Roca
C. it is encrypted by the merchant storing it
D. it is hashed by the merchant storing it
- Correct Answer: A

PCI DSS Requirement 3.4 states the PAN must be rendered unreadable when stored, using ___________.
A. Encryption, Truncation, or Obfuscating
B. Hashing, Scrambling, or Encrypting
C. Encryption, Hashing, or Truncation
D. Truncation, Scrambling, or Encrypting
- Correct Answer: C

Requirement 2.2.2 states "Enable only necessary and secure services, protocols, daemons, etc., as required for the function of the system". Which of the following is considered secure?
A. SSH
B. Rogan
C. Telnet
D. FTP
- Correct Answer: A

When scoping an environment for a PCI DSS assessment, it is important to identify _______________.
A. All flows of cardholder data
B. All of the options
C. Components that store cardholder data
D. Business facilities involved in processing transactions
- Correct Answer: B

QUESTION 21
Merchants involved with only e-commerce transactions that are completely outsourced to a PCI DSS compliant service provider would use which SAQ?
A. SAQ C/VT
B. SAQ B
C. SAQ D
D. SAQ A
- Correct Answer: D

Imprint-Only Merchants with no electronic storage of cardholder data would use which SAQ?
A. SAQ C/VT
B. SAQ B
C. SAQ A
D. SAQ D
- Correct Answer: B

When a Service Provider has been defined by a payment brand as eligible to complete a SAQ, which SAQ is used?
D. SAQ C
- Correct Answer: A

Information Supplements provided by the PCI SSC may "supersede" requirements.
A. True
B. False
- Correct Answer: B

If virtualization technologies are used in a cardholder data environment, PCI DSS requirements apply to those virtualization technologies.
A. False
B. True
- Correct Answer: B

The presumption of P2PE is that cardholder data in transit is protected when it is encrypted to the extent that an entity in possession of the ciphertext alone can easily reverse the encryption process.
A. False
B. True
- Correct Answer: A

Encrypting account data at the point of capture is one way an entity involved in payment card processing via mobile devices can actively help in controlling risks to the security of cardholder data.
A. True
B. False
- Correct Answer: A

In order to be considered a compensating control, which of the following must exist?
A. A legitimate technical constraint and a documented business constraint.
B. A legitimate technical constraint.
C. A legitimate technical constraint of a documented business constraint.
D. A documented business constraint.
- Correct Answer: C

PCI DSS Requirement 1
A. Install and maintain a firewall configuration to protect cardholder data
B. Do not use vendor supplied defaults for system passwords and other security parameters
C. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods
D. Protect Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.)
- Correct Answer: A

PCI DSS Requirement 2
A. Install and maintain a firewall configuration to protect cardholder data
B. Do not use vendor supplied defaults for system passwords and other security parameters
C. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods
D. Protect Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.)

D. Use and regularly update anti-virus software or programs
- Correct Answer: C

PCI DSS Requirement 5
A. Use and regularly update anti-virus software or programs
B. Protect Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.)
C. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods
D. Do not use vendor supplied defaults for system passwords and other security parameters
- Correct Answer: A

PCI DSS Requirement 6
A. Use and regularly update anti-virus software or programs
B. Develop and maintain secure systems and applications
C. Assign a unique ID to each person with computer access
D. Restrict access to cardholder data by business need to know
- Correct Answer: B

PCI DSS Requirement 8
A. Identify and authenticate access to system components
B. Restrict physical access to cardholder data
C. Develop and maintain secure systems and applications
D. Use and regularly update anti-virus software or programs
-