PCI Compliance Test! Trivia Quiz

By Ajbsoftware (Community Contributor) | Questions: 10
1. Encryption key management is an optional PA-DSS requirement to be used only if the customer requests encryption requirements above and beyond PCI.

Explanation

The payment application must implement key management processes and procedures for the cryptographic keys used to encrypt cardholder data.

About This Quiz

Below is a PCI compliance test! If you want to pay your bill using your credit or debit card, you want to know that your information will not be used for any purpose other than the transactions you have verified. Take this quiz and get to see some of the major PCI guidelines and how effective they actually are.

2. It is acceptable to store the PAN in clear text as long as the PAN is purged after authorization.

Explanation

Render PAN unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) by using any of the following approaches:
• One-way hashes based on strong cryptography (hash must be of the entire PAN)
• Truncation (hashing cannot be used to replace the truncated segment of PAN)
• Index tokens and pads (pads must be securely stored)
• Strong cryptography with associated key-management processes and procedures

3. Strong passwords are used to mitigate brute-force attacks. Typically, strong passwords are at least 7 characters long and contain alphabetic, numeric, special, and both upper- and lower-case characters.

Explanation

Require a minimum password length of at least seven characters

4. Track data cannot be stored in a payment application after authorization.

Explanation

Do not store sensitive authentication data after authorization (even if encrypted). Sensitive authentication data consists of magnetic stripe (or track) data, the card validation code or value, and PIN data. Storage of sensitive authentication data after authorization is prohibited! This data is very valuable to malicious individuals because it allows them to generate counterfeit payment cards and create fraudulent transactions.

5. A PCI pre-engagement checklist form is used to determine if a payment vendor's PA-DSS validated application can meet the PCI-DSS requirements of a merchant customer. For example, it determines whether the customer is using an OS that the vendor's payment application was PA-DSS validated against.

Explanation

The main purpose of PA-DSS validation from a customer's point of view is liability shift. When the application is installed correctly in the customer's CDE as per the payment vendor's installation guide, card fraud liability shifts from the merchant's PCI-DSS to the payment vendor's PA-DSS if a forensic audit proves that the vendor's payment application was at fault.

6. A commercial payment product has been PA-DSS 1.2.1 validated by a PA-QSA. It is also listed on the PCI Security Standards Council website as a validated payment application. As a result, the product is guaranteed to be PCI-DSS compliant when deployed in the merchant's environment.

Explanation

Payment application vendors can only state in their engagement contracts that products are PA-DSS validated when installed correctly in the customer's CDE. The vendor cannot guarantee that merchants who use the vendor's payment products will be PCI-DSS validated, since a ‘PASS’ PCI-DSS Report on Compliance (RoC) is at the discretion of the merchant's QSA.

7. If a payment product is deployed in such a way in the customer's CDE that the payment product never stores, processes or handles credit card data, PA-DSS is not in scope. Examples of this include products that only process loyalty cards.

Explanation

Only cardholder data (i.e., PAN and track data) is in PCI scope.

8. A PA-DSS policy exception should be used to document a security breach when card data is stolen.

Explanation

A payment vendor PA-DSS policy exception should be used when a customer cannot meet PA-DSS requirements due to business, operational or technical constraints; for example, disabling PAN encryption at the PIN pad to perform transaction troubleshooting. A policy exception states to the customer that the risk of a card breach is increased, not that a breach has already occurred.

9. A customer is using an operating system (OS) that is no longer supported by the OS vendor. However, the payment vendor can PA-DSS validate the payment product on the unsupported OS using compensating controls, which is allowed under the rules of PA-DSS.

Explanation

If an OS is no longer supported by the OS vendor, an application cannot be PA-DSS validated against it. PA-DSS does not allow compensating controls.

10. Starting January 1, 2012, merchants will have to validate their CDE to PCI-DSS 2.0. As a result, payment software validated against PA-DSS 1.2.1 will no longer be valid after December 31, 2011.

Explanation

Payment software validated to PA-DSS 1.2.1 can still be used as long as the validation has not yet expired and no modifications have been made to the payment application covered in the RoV. For example, for software PA-DSS validated on December 1, 2009, the expiry will be December 1, 2012 if the validated software has not changed from a PCI requirements point of view.


Quiz created by Ajbsoftware on Nov 01, 2011; edited by the ProProfs Editorial Team on Mar 22, 2023.