Deck 15: PCI Compliance for Merchants
1
Which of the following is considered cardholder data?
A) Service code
B) Full magnetic stripe data
C) Security code
D) PIN
Answer: A) Service code
2
Which of the following is considered sensitive authentication data?
A) Expiration date
B) Primary account number
C) Full magnetic stripe data
D) Cardholder name
Answer: C) Full magnetic stripe data
3
PCI compliance validation is composed of four merchant levels. Which of the following levels requires conducting an annual onsite evaluation?
A) Level 1
B) Level 2
C) Level 3
D) Level 4
Answer: A) Level 1
4
Which of the following statements best describes a data security compliance assessment?
A) A self-assessment questionnaire
B) An annual onsite evaluation of compliance with PCI DSS
C) A compliance requirement conducted by the merchant bank
D) A compliance report submitted by the internal security assessor
5
Which of the following requirements is part of the "Build and maintain a secure network and systems" PCI DSS core principle?
A) Protect stored card data.
B) Restrict physical access to cardholder data.
C) Do not use vendor-supplied defaults for system passwords and security parameters.
D) Track and monitor all access to network resources and cardholder data.
6
Which of the following requirements is part of the "Protect cardholder data" PCI DSS core principle?
A) Maintain a policy that addresses cybersecurity for all personnel.
B) Develop and maintain secure systems and architecture.
C) Restrict physical access to cardholder data.
D) Protect stored card data.
7
Which of the following requirements is part of the "Maintain a vulnerability management program" PCI DSS core principle?
A) Install and maintain a firewall configuration to protect cardholder data.
B) Develop and maintain secure systems and architecture.
C) Protect all systems against malware and regularly update antivirus software.
D) Encrypt transmission of cardholder data across open, public networks.
8
Which of the following requirements is part of the "Implement strong access control measures" PCI DSS core principle?
A) Restrict access to cardholder data by business need to know.
B) Develop and maintain secure systems and applications.
C) Protect all systems against malware and regularly update antivirus software.
D) Encrypt transmission of cardholder data across open, public networks.
9
According to the Federal Trade Commission, consumers reported how much in losses due to fraud each year during the last few years?
A) More than $90 million
B) More than $125 million
C) More than $550 million
D) More than $900 million
10
The Fair Credit Billing Act (FCBA) states that the maximum liability for unauthorized credit card use is how much?
A) $25
B) $50
C) $75
D) $100
11
According to the PCI Security Standards Council (PCI SSC), which of the following refers to any entity that accepts American Express, Discover, JCB, MasterCard, or Visa as payment for goods and/or services?
A) Acquirer
B) Service provider
C) Merchant
D) Approved Scanning Vendor (ASV)
12
Which of the following refers to a document that Qualified Security Assessors (QSAs) use to validate organizations that must be PCI DSS-compliant?
A) DESV
B) FCBA
C) EFTA
D) QSA
13
Which of the following PCI compliance validation levels includes requirements that are set by the merchant bank?
A) Level 1
B) Level 2
C) Level 3
D) Level 4
14
Which of the following is not an example of cardholder data?
A) Primary account number
B) PIN
C) Service code
D) Expiration date
15
Which of the following is not considered sensitive authentication data?
A) Full magnetic stripe data
B) CAV2 code
C) Expiration date
D) CVC2 code
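The cardholder data versus sensitive authentication data distinction behind cards 1, 2, 14 and 15 is what a merchant's payment code has to enforce in practice: PAN, cardholder name, expiration date and service code may be kept if protected (and the PAN must be rendered unreadable wherever it is stored), while full track data, the card verification codes (CAV2/CVC2/CVV2/CID) and PINs must never be stored after authorization, even encrypted. The following is an added example, not part of the deck or of any PCI SSC document: a Python routine that classifies record fields, drops sensitive authentication data (including track data that has leaked into a free-text field), Luhn-checks the PAN and truncates it to first six/last four before storage. The field names, the track-format regexes and the sample record are constructed for illustration.

```python
import re

# Cardholder data (CHD): storage permitted when protected; the PAN must be
# rendered unreadable wherever it is stored and masked when displayed.
CHD_FIELDS = {"pan", "cardholder_name", "expiration_date", "service_code"}

# Sensitive authentication data (SAD): never stored after authorization.
SAD_FIELDS = {"track1", "track2", "cav2", "cvc2", "cvv2", "cid", "pin", "pin_block"}

# Heuristic patterns (assumptions) for track data hiding in free-text fields.
# Track 2 layout: ;PAN=YYMM<service code><discretionary data>?
TRACK2_RE = re.compile(r";?\d{13,19}=\d{4}\d{3}\d*\??")
# Track 1 layout: %B<PAN>^<NAME>^YYMM<service code>...?
TRACK1_RE = re.compile(r"%?B\d{13,19}\^[^^]{2,26}\^\d{4}\d{3}")


def luhn_ok(pan):
    """Return True if the PAN has 13-19 digits and passes the Luhn checksum."""
    digits = [int(c) for c in pan if c.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Truncate to first six and last four digits, replacing the rest with X."""
    digits = "".join(c for c in pan if c.isdigit())
    if len(digits) < 13:
        raise ValueError("PAN too short")
    return digits[:6] + "X" * (len(digits) - 10) + digits[-4:]


def classify(field, value):
    """Return 'SAD', 'CHD' or 'other' for one field of a payment record."""
    if field in SAD_FIELDS:
        return "SAD"
    # Track data is SAD regardless of which field it turned up in.
    if TRACK1_RE.search(value) or TRACK2_RE.search(value):
        return "SAD"
    if field in CHD_FIELDS:
        return "CHD"
    return "other"


def prepare_for_storage(record):
    """Drop SAD, truncate the PAN, return (storable_record, dropped_fields)."""
    stored, dropped = {}, []
    for field, value in record.items():
        if classify(field, str(value)) == "SAD":
            dropped.append(field)
            continue
        if field == "pan":
            if not luhn_ok(value):
                raise ValueError("PAN fails Luhn check")
            stored["pan_masked"] = mask_pan(value)   # truncated, not full PAN
            continue
        stored[field] = value
    return stored, dropped


# Constructed sample authorization record (test number, not real card data).
SAMPLE_AUTH = {
    "pan": "4111111111111111",
    "cardholder_name": "JANE DOE",
    "expiration_date": "1229",
    "service_code": "201",
    "cvv2": "123",
    "notes": "swipe read: ;4111111111111111=12292011234567890?",
}

if __name__ == "__main__":
    kept, removed = prepare_for_storage(SAMPLE_AUTH)
    print("stored:", kept)
    print("dropped (SAD):", removed)
```

Truncation is only one of the PCI DSS-permitted ways to render a stored PAN unreadable, and it is usable only when the full PAN is never needed again (refunds and recurring billing usually need tokenization or strong encryption with managed keys instead). The regexes are a last-line heuristic for track data that an integration leaks into notes or logs; they do not replace a proper scan of the environment for stored SAD.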
16
Which of the following refers to organizations that have been qualified by the PCI Security Standards Council to have their employees assess compliance to the PCI DSS standard?
A) Qualified Security Assessors (QSAs)
B) Internal Security Assessors (ISAs)
C) Approved Scanning Vendors (ASVs)
D) All of the above
17
Which of the following refers to organizations that validate adherence to certain PCI DSS requirements by performing vulnerability scans of Internet-facing environments of merchants and service providers?
A) Qualified Security Assessors (QSAs)
B) Internal Security Assessors (ISAs)
C) Approved Scanning Vendors (ASVs)
D) None of the above
18
Which category of the PCI DSS self-assessment questionnaire (SAQ) is applicable only to e-commerce merchants that outsource all payment processing to PCI DSS validated third-party providers?
A) SAQ A
B) SAQ A-EP
C) SAQ B
D) SAQ P2PE
19
Which of the following fines can be applied to all organizations under PCI regulation?
A) DCRS for compromised international-issued cards
B) PCI noncompliance
C) ADCR for compromised domestic-issued cards
D) All of the above
20
Which of the following merchant level categories includes any merchant, regardless of acceptance channel, processing one million to six million Visa transactions per year?
A) Level 1
B) Level 2
C) Level 3
D) Level 4

