Deck 15: PCI Compliance for Merchants

1. Which of the following is considered cardholder data?

A) Service code
B) Full magnetic stripe data
C) Security code
D) PIN

Answer: Service code
2. Which of the following is considered sensitive authentication data?

A) Expiration date
B) Primary account number
C) Full magnetic stripe data
D) Cardholder name

Answer: Full magnetic stripe data
3. PCI compliance validation is composed of four merchant levels. Which of the following levels requires conducting an annual onsite evaluation?

A) Level 1
B) Level 2
C) Level 3
D) Level 4

Answer: Level 1
4. Which of the following statements best describes a data security compliance assessment?

A) A self-assessment questionnaire
B) An annual onsite evaluation of compliance with PCI DSS
C) A compliance requirement conducted by the merchant bank
D) A compliance report submitted by the internal security assessor
5. Which of the following requirements is part of the "Build and maintain a secure network and systems" PCI DSS core principle?

A) Protect stored card data.
B) Restrict physical access to cardholder data.
C) Do not use vendor-supplied defaults for system passwords and security parameters.
D) Track and monitor all access to network resources and cardholder data.
6. Which of the following requirements is part of the "Protect cardholder data" PCI DSS core principle?

A) Maintain a policy that addresses cybersecurity for all personnel.
B) Develop and maintain secure systems and architecture.
C) Restrict physical access to cardholder data.
D) Protect stored card data.
7. Which of the following requirements is part of the "Maintain a vulnerability management program" PCI DSS core principle?

A) Install and maintain a firewall configuration to protect cardholder data.
B) Develop and maintain secure systems and architecture.
C) Protect all systems against malware and regularly update antivirus software.
D) Encrypt transmission of cardholder data across open, public networks.
8. Which of the following requirements is part of the "Implement strong access control measures" PCI DSS core principle?

A) Restrict access to cardholder data by business need-to-know.
B) Develop and maintain secure systems and applications.
C) Protect all systems against malware and regularly update antivirus software.
D) Encrypt transmission of cardholder data across open, public networks.
9. According to the Federal Trade Commission, consumers reported how much in losses due to fraud each year during the last few years?

A) More than $90 million
B) More than $125 million
C) More than $550 million
D) More than $900 million
10. The Fair Credit Billing Act (FCBA) states that the maximum liability for unauthorized credit card use is how much?

A) $25
B) $50
C) $75
D) $100
11. According to the PCI Security Standards Council (PCI SSC), which of the following refers to any entity that accepts American Express, Discover, JCB, MasterCard, or Visa as payment for goods and/or services?

A) Acquirer
B) Service provider
C) Merchant
D) Approved Scanning Vendor (ASV)
12. Which of the following refers to a document that Qualified Security Assessors (QSAs) use to validate organizations that must be PCI DSS-compliant?

A) DESV
B) FCBA
C) EFTA
D) QSA
13. Which of the following PCI compliance validation levels includes requirements that are set by the merchant bank?

A) Level 1
B) Level 2
C) Level 3
D) Level 4
14. Which of the following is not an example of cardholder data?

A) Primary account number
B) PIN
C) Service code
D) Expiration date
15. Which of the following is not considered sensitive authentication data?

A) Full magnetic stripe data
B) CAV2 code
C) Expiration date
D) CVC2 code
16. Which of the following refers to organizations that have been qualified by the PCI Security Standards Council to have their employees assess compliance to the PCI DSS standard?

A) Qualified Security Assessors (QSAs)
B) Internal Security Assessors (ISAs)
C) Approved Scanning Vendors (ASVs)
D) All of the above
17. Which of the following refers to organizations that validate adherence to certain PCI DSS requirements by performing vulnerability scans of Internet-facing environments of merchants and service providers?

A) Qualified Security Assessors (QSAs)
B) Internal Security Assessors (ISAs)
C) Approved Scanning Vendors (ASVs)
D) None of the above
18. Which category of the PCI DSS self-assessment questionnaire (SAQ) is applicable only to e-commerce merchants that outsource all payment processing to PCI DSS validated third-party providers?

A) SAQ A
B) SAQ A-EP
C) SAQ B
D) SAQ P2PE
19. Which of the following fines can be applied to all organizations under PCI regulation?

A) DCRS for compromised international-issued cards
B) PCI noncompliance
C) ADCR for compromised domestic-issued cards
D) All of the above
20. Which of the following merchant level categories includes any merchant, regardless of acceptance channel, processing one million to six million Visa transactions per year?

A) Level 1
B) Level 2
C) Level 3
D) Level 4