PCI DSS sets the foundation for other PCI Standards and related...
QIR Implementation Statement is a template used to document the...
The Payment Card Industry (PCI) Qualified Integrators and Resellers...
The Implementation Guide and Implementation Statement are to be used...
Account Data includes cardholder data and/or sensitive authentication...
The QIR Employee Additional Observations, of the Implementation...
The Payment Card Industry Data Security Standard (PCI DSS) is managed...
The second section of the QIR Implementation Statement, or...
Many PA-DSS requirements are derived from PCI DSS Requirements and...
The QIR Company must review, at least annually, updates to the...
For wireless environments connected to the cardholder data environment...
The status of a QIR Company or QIR Employee is initially Good...
Track data, also referred to as "full track data" or...
You are the lead QIR performing an upgrade for a customer site. You...
The goal of the QIR Program is to educate, qualify and train...
PCI DSS requirements are applicable wherever primary account number...
Account data includes all of the information printed on the physical...
Sensitive authentication data is not stored post-authorization.
By signing the Implementation Statement, the customer acknowledges the...
A QIR must ensure that all QIR personnel with access to any customer...
The QIR program aims to assure quality and provide effective feedback...
A QIR Company may only sell validated application versions.
The Implementation Statement Summary is used to provide...
If the QIR company does not maintain at least one QIR Employee, the...
PA-DSS defines the specific technical requirements and provides...
In accordance with the PCI DSS Requirement 2.1, the QIR ensures that...
There does not have to be a firewall on every Internet connection...
PA-DSS requirements apply to application vendors, to develop and...
Firewalls should be installed between the CDE and all wireless access...
QIR Implementation Instructions is a guidance document used to explain...
What are the Implementation Statement sections (select all that...
If there are a number of QIR Employees leading Qualified...
Prior to the Qualified Installation, the customer should be provided...
Name the two types of validated Payment Applications:
QIR Qualification Requirements define requirements that must be...
It is best practice to require passwords have a minimum length...
The Lead QIR Employee is required to sign the _______________...
Core responsibilities as a QIR include (select all that apply):
One of the requirements of a QIR Company is that they must be either...
PCI DSS requirements do not apply to systems that provide security...
There is a difference between cardholder data and sensitive...
Records observations or details that the customer should be aware...
The QIR Company must at all times employ at least ___ QIR...
Which of the following is an example of a secure network...
A trusted network is the network of an organization that is within the...
PAN should be rendered unreadable anywhere it's stored.
Who is responsible for a Merchant's PCI Compliance?
Which of the following is not true of acquirers?
How often does each validated payment application undergo attestation,...
Which is an example of two-factor authentication?
Organizations qualified by the PCI SSC to implement, configure and/or...
Includes items identified in the Details section that require...
When an engagement ends, the QIR Company must perform clean-up tasks...
PCI DSS Requirement 10 focuses on ____________, and the ability to...
When reviewing the Implementation Statement Summary with the client,...
Where should a firewall be implemented on a network that facilitates...
Which of the following should the lead QIR do for the customer, as...
Where a Qualified Installation involves multiple locations, the QIR...
In preparation for a Qualified Installation, the Lead QIR employee,...
PCI PTS PIN Security covers secure management, processing, and...
The QIR Employee should have confidence that the customer understands...
What date and year, in the PCI DSS and PA-DSS lifecycle, do the new...
What is the standard for vetting off-the-shelf payment applications...
What is the last step in the payment processing workflow?
Changes to the PCI DSS and PA-DSS follow a _______ lifecycle, to...
Compliance validation requirements vary by payment brand.
The PCI SSC Listing Number, Payment Application Vendor, Payment...
What is P2PE?
If the QIR provides services to the customer that could potentially...
The QIR Program focuses on two core objectives (select all that...
Where should payment application logs be stored?
Sensitive authentication data can be stored after authorization, if...
What is PCI PA-DSS?
_________: Standards Published, occurs in October of year 1, after the...
Select the PCI SSC stakeholders, who give input for proposed...
What does PCI DSS cover?
If the QIR Company suspects one of their customers has been...
What takes place in the Authorization portion of the payment...
Will the PCI SSC do nothing, if they receive enough...
It is best practice to implement only one primary function per server...
At what point during the Qualified Installation should you direct the...
At this stage in the PCI DSS and PA-DSS lifecycle, feedback collected...
If aspects of the installation were performed by parties other than...
What does ISA stand for?
Which is an example of sensitive authentication data?
Which is true of PA-DSS?
Select the types of Qualified Installations:
QIR Employees must requalify every ___________.
Includes required signatures for the customer acceptance and the QIR...
Which is an example of cardholder data?
Stage 2 occurs in October of Year 1, after the Council's annual...
According to PCI DSS Requirement 3, the only cardholder data that may...
What is the 2nd step in the payment processing workflow?
Records details about the customer, the QIR Company, and QIR Employees...
Records details about the activities performed by the QIR Employee...
Which of the following is not a responsibility of an ASV?
Who is responsible for validating the scope of a PCI DSS assessment?
If the customer requested the application be configured in a way that...
What is the definition of cardholder data?
In what stage of the PCI DSS and PA-DSS lifecycle is feedback given...
_________: Market Implementation occurs through Year 1, and...
If the customer connects from one secure system on the network to...
The QIR Employee must confirm that the application being installed is...
On December 31st, every _______ in the PCI DSS lifecycle, the old PCI...
PCI PTS - HSM covers device tamper detection, cryptographic processes,...
The ___________________ is an independent industry standards body...
Any non-console administrative access to systems in the CDE, including...
Which is true of utilizing remote access to install or provide ongoing...