Payment Card Industry Professional (PCIP3.0) Free Practice Test

Question 1

PCI DSS Requirement 5 states that anti-virus software must be:

A. Installed on all systems commonly affected by malware

B. Updated at least annually

C. Installed on all systems, even those not commonly affected by malware

D. Configured to allow users to disable it as desired

Correct Answer: A

Question 2

Payment cards has typically 2 tracks, track 1 and track 2 that has respectively how many characters in length?

A. 40 and 16

B. 16 and 40

C. 79 and 40

D. 40 and 79

Correct Answer: C

Question 3

As defined by PCI DSS Requirement 7, access to cardholder data should be restricted based on which principle?

A. Number of personnel in the organization

B. Business need to know

C. Maximum priviledge

D. No access to cardholder data should be permitted

Correct Answer: B

Question 4

For initial PCI DSS compliance, it's not required that four quarters of passing scans must be completed if the assessor verifies that 1) the most recent scan result was a passing scan, 2) the entity has documented policies and procedures requiring quarterly scanning, and 3) vulnerabilities noted in the scan results have been corrected as shown in a re-scan(s).

A. False

B. True

Correct Answer: B

Question 5

Regularly test security systems and processes is the ___________

A. Requirement 10

B. Requirement 9

C. Requirement 11

D. Requirement 12

Correct Answer: C

Question 6

Who can perform quarterly external vulnerability scans meeting requirement 11.2.2?

A. Approved Scanning Vendor (ASV) approved by PCI SSC

B. Qualified personnel

C. Any employee

D. IT Security personnel

Correct Answer: A

Question 7

Methods for stealing payment card data include:

A. Physical skimming

B. Weak passwords

C. All of the options are correct

D. Malware

Correct Answer: C

Question 8

What is the Appendix A on PCI DSS 3.0?

A. Cloud Computing Guidelines

B. Compensating Controls

C. Segmentation and Sampling of Business Facilities/System Components

D. Additional PCI DSS Requirements for Shared Hosting Providers

Correct Answer: D

Question 9

Entities involved in payment card processing via mobile devices (like a phone or tablet) can reduce the risks to the security of cardholder data by:

A. Encrypting account data at the point of capture using an approved point of interaction device

B. Imputing account data directly into mobile device

C. Encrypting account data within the mobile device using an approved encryption application

D. Storing account data withing the mobile device

Correct Answer: A

Welcome to TestSimulate

PCI Payment Card Industry Professional (PCIP3.0) Free Practice Test