PCI Compliance Test! Trivia Quiz

10 Questions | By Ajbsoftware | Last updated: Mar 22, 2022 | Total Attempts: 8383

Questions

Settings

Create your own Quiz

Below is a PCI compliance test! If you want to pay your bill using your credit or debit card, you want to know that your information will not be used for other reasons other than the transactions you have verified to do. Take this quiz and get to see some of the major PCI guidelines and how effective they actually are.

Questions and Answers

1.

A commercial payment product has been PA-DSS 1.2.1 validated by a PA-QSA. It is also listed on the PCI Security Standards Council Website as a validated payment application. As a result, the product is guaranteed to be PCI-DSS compliant when deployed in the merchant’s environment.
- A.
  
  True
- B.
  
  False
2.

Track Data can not be stored in a payment application after authorization.
- A.
  
  True
- B.
  
  False
3.

A customer is using an operating system (OS) that is no longer supported by the OS vendor. However, payment vendor can PA-DSS validate payment product on the unsupported OS using compensating controls which is allowed under the rules of PA-DSS
- A.
  
  True
- B.
  
  False
4.

It is acceptable to store the PAN# in clear text as long as the PAN# is purged after authorization.
- A.
  
  True
- B.
  
  False
5.

Strong passwords are used to mitigate brute force attacks. Typically strong passwords are at least 7 characters long, contain alpha, numeric, special and upper lower case
- A.
  
  True
- B.
  
  False
6.

Encryption key management is an optional PA-DSS requirement to be used only if the customer requests encryption requirements above and beyond PCI.
- A.
  
  True
- B.
  
  False
7.

Starting January 1, 2012, merchants will have to validate their CDE to PCI-DSS 2.0. As a result, payment software validated against PA-DSS 1.2.1 will no longer be valid after December 31, 2011.
- A.
  
  True
- B.
  
  False
8.

If a payment product is deployed in such away at the customers CDE, that the payment product never stores,processes or handles credit card data, PA-DSS is not in scope. Examples of this include products that only process loyalty cards.
- A.
  
  True
- B.
  
  False
9.

A PA-DSS policy exception should be used to document a security breach when card data is stolen.
- A.
  
  True
- B.
  
  False
10.

A PCI pre-engagement check list form is used to determine if a payment vendor's PA-DSS validated application can meet the PCI-DSS requirements of a merchant customer. For example, determine if the customer is using an OS that the vendor's payment application was PA-DSS validated against.
- A.
  
  True
- B.
  
  False