PCI Compliance Test

10 Questions | By Ajbsoftware

- +

Test your knowledge of PCI-DSS and PA-DSS Compliance with these 10 questions. A 'PASS' grade is 70% and your score will be revealed at the end of this quiz.

Questions and Answers

1.

A commercial payment product has been PA-DSS 1.2.1 validated by a PA-QSA. It is also listed on the PCI Security Standards Council Website as a validated payment application. As a result, the product is guaranteed to be PCI-DSS compliant when deployed in the merchant’s environment.

Discuss
- A.
  
  True
- B.
  
  False
2.

Track Data can not be stored in a payment application after authorization.

Discuss
- A.
  
  True
- B.
  
  False
3.

A customer is using an operating system (OS) that is no longer supported by the OS vendor. However, payment vendor can PA-DSS validate payment product on the unsupported OS using compensating controls which is allowed under the rules of PA-DSS

Discuss
- A.
  
  True
- B.
  
  False
4.

It is acceptable to store the PAN# in clear text as long as the PAN# is purged after authorization.
- A.
  
  True
- B.
  
  False
5.

Strong passwords are used to mitigate brute force attacks. Typically strong passwords are at least 7 characters long, contain alpha, numeric, special and upper lower case
- A.
  
  True
- B.
  
  False
6.

Encryption key management is an optional PA-DSS requirement to be used only if the customer requests encryption requirements above and beyond PCI.
- A.
  
  True
- B.
  
  False
7.

Starting January 1, 2012, merchants will have to validate their CDE to PCI-DSS 2.0. As a result, payment software validated against PA-DSS 1.2.1 will no longer be valid after December 31, 2011.

Discuss
- A.
  
  True
- B.
  
  False
8.

If a payment product is deployed in such away at the customers CDE, that the payment product never stores,processes or handles credit card data, PA-DSS is not in scope. Examples of this include products that only process loyalty cards.
- A.
  
  True
- B.
  
  False
9.

A PA-DSS policy exception should be used to document a security breach when card data is stolen.
- A.
  
  True
- B.
  
  False
10.

A PCI pre-engagement check list form is used to determine if a payment vendor's PA-DSS validated application can meet the PCI-DSS requirements of a merchant customer. For example, determine if the customer is using an OS that the vendor's payment application was PA-DSS validated against.
- A.
  
  True
- B.
  
  False

Back to top

Related Quizzes

Featured Quizzes