Requirement 1-12 Flashcards
Theme 1
Build and Maintain Secured Network
Theme 2
Protect Cardholder Data
Theme 3
Maintain a Vulnerability Management Program
Theme 4
Implement Access Control Measures
Theme 5
Regularly Monitor and Test Network
Theme 6
Maintain Information Security Policies
Build and Maintain Secured Network (Theme 1)
Firewall Management (Req 1)
Vendor Defaults (Req 2)
Protect Cardholder Data (Theme 2)
Data Protection (Req 3)
Data Transmission and Encryption (Req 4)
Maintain a Vulnerability Management Program (Theme 3)
Anti-virus Controls (Req 5)
Systems and Applications Security (Req 6)
Implement Access Control Measures (Theme 4)
Data Access Controls (Req 7)
Personal Access Controls (Req 8)
Physical Access Controls (Req 9)
Data and Network Access Controls (Req 10)
Regularly Monitor and Test Network (Theme 5)
Security Testing (Req 11)
Maintain Information Security Policies (Theme 6)
Information Security Policies (Req 12)
Process of identifying all system components, people, and processes to be included in a PCI DSS assessment.
Scoping
The purpose is to prevent out-of-scope systems from interacting with Cardholder Data Environment (CDE) systems or affecting the security of the CDE.
Network Segmentation
If the ____________ is implemented correctly, even if the attacker has administrative access to the out-of-scope system, the CDE is not compromised by a segmented out-of-scope system component.
Network Segmentation
May be considered when an entity cannot meet a requirement explicitly as stated due to legitimate technical or documented business constraints, but has sufficiently mitigated the risk associated with the requirement through the implementation of other controls.
Compensating Controls
An entity, typically a financial institution, that processes payment card transactions for merchants.
Acquirer (Company/Store’s Bank)
Any entity that accepts payment cards bearing the logos of any of the five members of the PCI SSC as payment for goods and/or services.
Merchant (Company, Store)
Facilitate electronic transactions, allowing customers and businesses to make payments using credit, debit, and prepaid cards.
Visa
MasterCard
Discover
American Express
JCB
Union Pay
It is based on industry-tested and accepted algorithms and involves both encryption and hashing.
Encryption is ________, hashing is a _________ process.
Minimum of _____ bits of effective key strength.
Strong Cryptography
reversible
one-way
128
Step 1: _______ pays the ______.
Step 2: _______ asks Payment Brand Network to determine the _______.
Step 3: ________ identifies the ______ and seeks approval.
Step 4: ________ approves purchase.
Step 5: _________ sends approval to the ______.
Step 6: ________ forwards approval to the ________.
Step 7: _______ completes purchase.
Step 8: _______ receives receipt.
What process is this called?
Step 1: Cardholder (customer) / Merchant (Store)
Step 2: Acquirer (Store’s Bank) / Issuer (Cardholder’s Bank)
Step 3: Payment Brand Network / Issuer (Cardholder’s Bank)
Step 4: Issuer (Cardholder’s Bank)
Step 5: Payment Brand Network / Acquirer (Store’s Bank)
Step 6: Acquirer (Store’s Bank) / Merchant (Store)
Step 7: Cardholder
Step 8: Cardholder
Authorization
Step 1: ______ sends purchase information to ______.
Step 2: ______ sends purchase information to ______ .
Step 3: ______ prepares data for ______ statement.
Step 4: ______ provides complete reconciliation to the ______.
The ______ process involves the exchange of purchase information among all parties.
Step 1: Acquirer (Store’s Bank) / Payment Brand Network
Step 2: Payment Brand Network / Issuer (Cardholder’s Bank)
Step 3: Issuer (Cardholder’s Bank) / Cardholder’s
Step 4: Payment Brand Network / Acquirer (Store’s Bank)
Clearing
Step 1: ______ identifies ______ through the Payment Brand Network.
Step 2: ______ sends payment to ______ for the complete purchase.
Step 3: ______ pays the ______ for the _______ purchase.
Step 4: _______ bills the ______ for the completed purchases.
The ______ process ensures that funds are transferred from the cardholder’s account to the merchant.
Step 1: Issuer (Cardholder’s Bank) / Acquirer (Store’s Bank)
Step 2: Issuer (Cardholder’s Bank) / Acquirer (Store’s Bank)
Step 3: Acquirer (Store’s Bank) / Merchant (Store) / Cardholder’s
Step 4: Issuer (Cardholder’s Bank) / Cardholder
Settlement