PCI DSS Assessment Flashcards

1
Q

What does PCI DSS stand for?

A) Personal Card Information Data Security Standard
B) Payment Card Information Data System Security
C) Payment Card Industry Data Security Standard
D) Personal Card Industry Data System Security

A

C) Payment Card Industry Data Security Standard

2
Q

How often should you empty your deleted items?

A) Daily
B) Weekly
C) Hourly
D) It is cleared automatically

A

A) Daily

3
Q

When can you open email attachments in your personal Outlook inbox from an unknown source?

A) Never
B) When you know or are informed by the IT department that the attachment has been anti-virus checked
C) When it is forwarded by an Elevate colleague
D) When it has been encrypted

A

B) When you know or are informed by the IT department that the attachment has been anti-virus checked

4
Q

Which is a correct statement?

A) Unobscured PANs can be transmitted externally from the business
B) Mobile phones must never be connected to a company computer
C) You can install software onto a company PC if it has been anti-virus checked and has encryption and protection built in
D) All staff members should have the highest access privilege set to allow them to complete their role

A

B) Mobile phones must never be connected to a company computer

5
Q

Where should a visitor never be left unattended?

A) A quiet area on the operational floor
B) The toilets
C) Stairwells
D) Staff room

A

A) A quiet area on the operational floor

6
Q

What is NOT a requirement of IT security?

A) No staff member is to attempt to gain access to any system, directory, file or PC which they are not authorised to access

B) No customer information can be stored on external devices

C) All staff members should have the highest access privilege set to allow them to complete their role

D) Always lock your PC when you are away from your desk

A

C) All staff members should have the highest access privilege set to allow them to complete their role

7
Q

Who can you share your system password with?

A) No-one
B) Information Security
C) Your manager
D) IT when they need remote access

A

A) No-one

8
Q

All visitors must

A) Have passed a CRB check
B) Wait outside until the person they have arranged to meet can sign for them
C) Be signed into the visitors book and escorted at all times.
D) Have their mobile phones and any other external devices scanned by IT

A

C) Be signed into the visitors book and escorted at all times.

9
Q

Which statement is not correct regarding the use of email?

A) Customer card information can be transmitted out of the business if you need to work from home urgently
B) Company email must not be used for personal communication
C) Any email received that contains card information must be deleted
D) Email attachments from an unknown source should not be downloaded unless they have been anti-virus checked

A

A) Customer card information can be transmitted out of the business if you need to work from home urgently

10
Q

If you are requested to write down customer card details on paper, what should you do?

A) Inform the requestor that card details should never be written down
B) Write them on coloured paper and shred them within 30 minutes
C) Make an electronic note and then delete the note as soon as possible
D) Write them on a Post-it note and shred as soon as they have been used

A

A) Inform the requestor that card details should never be written down

11
Q

What does MSP stand for?

A) Merchant Service Provider
B) Monetary Standard Payments
C) Multiple Service Payments
D) Minimum Security Precautions

A

A) Merchant Service Provider

12
Q

What is the maximum amount of time we can retain printed emails containing card details?

A) 2 days
B) Emails with card details should not be printed
C) 2 hours to a maximum of 2 days
D) 6 months with full PAN then PAN obscured

A

B) Emails with card details should not be printed

13
Q

When must IT be informed so an entry card/fob can be cancelled?

A) When someone goes on holiday for two weeks
B) When someone is suspended
C) When someone is on sick leave
D) When you accidentally leave your entry card/fob at home

A

B) When someone is suspended

14
Q

Which of the following would be a secure password?

A) K(TR*6T7
B) monday123!
C) 5uP3rSPeCi3)
D) jEleviS&W

A

C) 5uP3rSPeCi3)

Password needs to be 7 or more characters long
Have uppercase and lowercase letters
Have some numbers
Have some symbols, i.e. )(:£&@?!-/
Cannot contain a word, i.e. Monday, Tuesday etc.

15
Q

What is NOT a requirement of building security?

A) The front door must be kept shut
B) You must keep your entry card with you at all times
C) When the building is empty, all doors must be locked and the alarm set
D) If you lose your entry card/fob, this must be reported to a colleague immediately

A

D) If you lose your entry card/fob, this must be reported to a colleague immediately
