Security Metrics Flashcards

1
Q

What does PCI mean?

A

Payment Card Industry

2
Q

What does DSS mean?

A

Data Security Standard

3
Q

SSC

A

Security Standards Council

4
Q

Which system components are likely in scope for your environment?

A
  • Networking devices
  • Servers
  • Switches
  • Routers
  • Computing devices
  • Applications
5
Q

CDE

A

Cardholder Data Environment

6
Q

SAQ

A

Self Assessment Questionnaire

7
Q

How many different SAQ Types are there and what is the overriding distinction between them?

A

Nine.

The distinction is determined by the methods you use to accept, process, and store payments and card data.

8
Q

What are some reasons I can use for the increase in PCI fee?

A

PCI DSS 4.0

  • Enhanced to meet the security needs of the payments industry
  • As technology progresses we reap benefits, but this cost is one of the drawbacks among all the benefits
  • Enhanced validation measures and procedures
  • Authentication info is now required to be encrypted (pre-authorization); before, it was merely recommended
9
Q

PAN

A

Primary Account Number

10
Q

SAQ-A

A
  • Card-not-present transactions only
  • Entirely outsourced
  • No storage on site
  • All handled by a PCI DSS compliant 3rd party
  • Card payments are handled via a redirect to the 3rd party
11
Q

SAQ A-EP

A
  • Merchant only accepts e-commerce transactions
  • All cardholder data handling, except the payment page, is outsourced to a 3rd party
  • Your e-commerce website does not receive cardholder data but does direct customers to the 3rd party
  • Your company does not store, process, or transmit cardholder data on your systems or premises
  • Any cardholder data your company retains is on paper and not received electronically
12
Q

SAQ B

A
  • Company only uses a knucklebuster (manual imprint machine) or standalone dial-out terminals to take payment information
  • The standalone, dial-out terminals are not connected to any other systems
  • The standalone, dial-out terminals are not connected to the Internet
  • CHD is stored on paper, not electronically
13
Q

SAQ B-IP

A
  • Standalone IP devices only
  • The standalone IP devices are not connected to any other systems in your environment
  • The standalone IP devices do not rely on any other device to connect to the payment processor
  • Your company does not store cardholder data electronically
  • Paper receipts only, no electronic receipts
14
Q

SAQ C

A
  • Your business has a payment application and an internet connection on the same device
  • The payment application isn’t connected to any other systems in your environment
  • Cardholder data is stored on paper only, not electronically
15
Q

SAQ C-VT

A
  • Your company only processes payments through a virtual payment terminal accessed by an internet-connected web browser
  • Your company’s virtual terminal is hosted by a PCI DSS compliant 3rd-party service provider
  • Your computer is not connected to other locations or systems within your environment
  • Your computer does not store cardholder data
  • There is no attached hardware that captures or stores CHD
  • Any cardholder data retained is on paper only and not received electronically
  • Your company does not store cardholder data in electronic format
16
Q

SAQ P2PE

A
  • All payments are processed through a PCI P2PE solution approved and listed by the PCI SSC
  • The POI (Point of Interaction) is the only device in the environment that holds electronic CHD
  • No other device can hold cardholder data (paper storage is okay)
  • Receipts held are paper only, not electronic
  • Your business has implemented all controls in the P2PE Instruction Manual provided by the P2PE Solution Provider
17
Q

SAQ D (Merchants - there is also a “Service Providers” version)

A
  • This is for merchants who don’t meet the criteria for any other SAQ type
  • For merchants who store card info electronically and don’t use a P2PE certified POS system
  • May have elements of other SAQ types but also store data
18
Q

PCI DSS 4.0

A

Upgraded from PCI DSS 3.2 to ensure the standard continues to meet the security needs of the payment industry, promote security as a continuous process, and enhance validation methods and procedures.