Pa-dss Quiz January 2013
-
When storing card holder data on disk, sensitive authorization data (SAD) can be stored on disk after authorization as long as it is encrypted.
-
True
-
False
-
About This Quiz
The PA-DSS Quiz January 2013 tests knowledge on data protection standards in payment applications. It covers encryption, secure deletion, key rotation, logging practices, and secure coding, vital for preventing data breaches and ensuring compliance with industry standards.
(159).webp "Pa-dss Quiz January 2013 - Quiz")
Quiz Preview
- 2.
Secure delete refers to process rendering card data unrecoverable after it's been deleted. Typically, unlinking the file from the file system alone is considered unrecoverable
-
True
-
False
Correct Answer
A. FalseExplanation
Secure Delete consists of multiple steps: 1. Overwriting contents with random numbers 2. Rewriting with zeros 3. Unlinking from file systemRate this question:
-
- 3.
The purpose of regular payment application encryption key rotation is to mitigate the risk of the key being guessed by a fraudster using a brute force attack. In the context of PCI, if a manual key change is performed, 2 or more key custodians are required to change a key. However if a key change is automated (i.e. through software), multiple key custodians are not required.
-
True
-
False
Correct Answer
A. TrueExplanation
Regular payment application encryption key rotation is necessary to reduce the likelihood of a fraudster guessing the key through a brute force attack. In the context of PCI, manual key changes require the involvement of 2 or more key custodians to ensure security. However, if the key change process is automated through software, the involvement of multiple key custodians is not necessary. Therefore, the statement that regular payment application encryption key rotation helps mitigate the risk of key guessing and that multiple key custodians are not required for automated key changes is true.Rate this question:
-
- 4.
Payment applications logs can contain date, time, store location, register, amount and the full 16 digit PAN.
-
True
-
False
Correct Answer
A. FalseExplanation
To reduce the risk of PAN's being recovered by fraudsters, the PAN in logs is truncated, typicallyt the first 6 and last 4 digits (i.e. ******7890123****)Rate this question:
-
- 5.
Secure coding includes securiing communications, cryptographic storage and checking for injection and buffer overflow flaws
-
True
-
False
Correct Answer
A. TrueExplanation
The given statement is true because secure coding practices involve various measures to protect the integrity and confidentiality of communications. This includes using encryption and secure protocols to ensure that data is transmitted securely. Additionally, cryptographic storage techniques are employed to safeguard sensitive information such as passwords or credit card details. Furthermore, secure coding involves implementing input validation and sanitization techniques to prevent injection attacks and buffer overflow vulnerabilities, which can be exploited by malicious actors to gain unauthorized access or execute arbitrary code. Therefore, the statement accurately describes the key aspects of secure coding.Rate this question:
-
Quiz Review Timeline (Updated): Jun 19, 2024 +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Jun 19, 2024Quiz Edited by
ProProfs Editorial Team -
Jan 15, 2013Quiz Created by
Ajbsoftware
Back to top