IS3445 CHAP 10 MAINTAINING PCI DSS COMPLIANCE FOR E-COMMERCE WEB SITES

Question 1

___ is a processing strategy in which transactions are not handled immediately; rather, receipts are collected and processed as a batch.

Answer 1

Batch processing

Question 2

___ is a protocol within the TCP/IP protocol suite designed to synchronize clocks of computer systems over packet-switched networks.

Answer 2

(NTP) Network Time Protocol

Question 3

___ occurs when companies send their information to third party service providers for storage, processing or transmission.

Answer 3

Outsourcing

Question 4

___ is a set of standards designed to help organizations that process credit card payments prevent fraud by having increased control over data and its exposure.

Answer 4

(PCI DSS) Payment Card Industry Data Security Standard

Question 5

___ is a credit card transaction in which processing is immediate.

Answer 5

Real time processing

Question 6

___ is a unique client identifier sent over a wireless network as a simple password that is used for authentication between a wireless client and and access point.

Answer 6

(SSID) Service set identifier

Question 7

___ is a person trained to conduct PCI DSS Security Assessments.

Answer 7

(QSA) Qualified Security Assessor

Question 8

___ is data encryption method used on 802.11 wireless LANs.

Answer 8

(WPA)Wi-Fi Protected Access

Question 9

1. Because it is a perimeter defense strategy, a firewall is not a critical element of cardholder data security.
   TRUE OR FALSE

Answer 9

FALSE

Question 10

2. You are tasked with designing a security policy for cardholder data. Which of the following are recommended security strategies for cardholder data? (Select three)
3. Verify that data is retained for a limited period of time.
4. Verify that user groups are used to access sensitive data areas
5. Verify that data is disposed of properly.
6. Verify that passwords are encrypted during transmission.

Answer 10

Verify that data is retained for a limited period of time.

Verify that data is disposed of properly.

Verify that passwords are encrypted during transmission.

Question 11

3. Use WEP to secure communications sent over a wired network.
   TRUE OR FALSE

Answer 11

FALSE

Question 12

4. Which of the following elements are typically examined during a PCI DSS Security Assessment? (Select two)
5. Firewalls
6. Network hardware
7. Employee background
8. Cached files

Answer 12

Firewalls

Network hardware

Question 13

5. When credit card transactions are handled in ___, receipts are often collected over a day or week and then sent in as multiple sets of information.

Answer 13

Batch processing

Question 14

6. PSS DSS is a set of standards designed to help organizations that process credit card payments prevent fraud by having increased control over data and its exposure.
   TRUE OR FALSE

Answer 14

TRUE

Question 15

7. When credit card transactions are handled in ___, a consumer’s credit card is debited immediately to complete a purchase.

Answer 15

Real-time processing

Question 16

8. You are attempting to synchronize your Web server to online timekeeping. which of the following protocols are responsible for managing system time?
9. TTP
10. TNP
11. NTP
12. CTP

Answer 16

NTP

Question 17

9. Which of the following firewall considerations are recommended by the PCI Security Standards Council? (Select three).
10. Use open source firewall systems
11. Block unused ports
12. Use host-based firewall systems on mobile computers
13. Conduct periodic reviews of firewall and router set rules.

Answer 17

Block unused ports

Use host-based firewall systems on mobile computers

Conduct periodic reviews of firewall and router set rules.

Question 18

10. Merchants should develop a two factor authentication scheme o protect access to cardholder data.
    TRUE OR FALSE

Answer 18

TRUE