The safer, easier way to help you pass any IT exams.

Exam: PCIP3.0
Title: Payment Card Industry Professional
Version: V8.02
1. Merchants involved with only card-not-present transactions that are completely outsourced to a PCI DSS compliant service provider may be eligible to use which SAQ?
A. SAQ C/VT
B. SAQ B
C. SAQ D
D. SAQ A
Answer: D

2. “Regularly test security systems and processes” is ___________
A. Requirement 9
B. Requirement 11
C. Requirement 12
D. Requirement 10
Answer: B

3. What is Appendix B of PCI DSS 3.0?
A. Compensating Controls
B. Additional PCI DSS Requirements for Shared Hosting Providers
C. Compensating Controls Worksheet
D. Segmentation and Sampling of Business Facilities/System Components
Answer: A

4. All user and administrator access to, queries of, and actions on databases must be through programmatic methods only; never direct access or queries to the database.
A. False
B. True
Answer: A

5. An audit trail history should be available immediately for analysis for a minimum of
A. 30 days
B. 3 months
C. 1 year
D. 6 months
Answer: B

6. Which NIST standard provides password complexity requirements?
A. 800-57
B. 800-61
C. 800-53
D. 800-63
Answer: D

7. PCI DSS Requirement 5 states that anti-virus software must be:
A. Installed on all systems, even those not commonly affected by malware
B. Installed on all systems commonly affected by malware
C. Configured to allow users to disable it as desired
D. Updated at least annually
Answer: B

8. Requirement 3.5 requires documenting and implementing procedures to protect keys used to secure stored cardholder data against disclosure and misuse. This requirement applies to keys used to encrypt stored cardholder data, and also applies to key-encrypting keys used to protect data-encrypting keys. Such key-encrypting keys must be
A. at least as strong as the data-encrypting keys
B. less strong than the data-encrypting keys
C. stored at the same location as the data-encrypting key
D. stronger than the data-encrypting keys
Answer: A

9. The presumption of P2PE is that:
A. The data can never be decrypted
B. The data cannot be decrypted between the source and the destination points
C. The data can be decrypted between the source and the destination points
D. Any entity in possession of the ciphertext can easily reverse the encryption process
Answer: B

10. PCIPs are required to adhere to the Code of Professional Responsibility, which includes:
A. Complying with industry laws and standards
B. Performing subjective evaluation of ethical violations
C. Sharing confidential information with other PCIPs
D. Performing PCI DSS compliance assessments
Answer: A

11. (SELECT ALL THAT APPLY) To be compliant with requirement 9.9, an updated list of all card-reading devices used in card-present transactions at the point of sale must be kept by June 30, 2015, including the following:
A. Location of device
B. Make and model of device
C. Device serial number or other unique identification
D. Proof of purchase
Answer: A, B, C

12. Please select all possible disciplinary actions that may be applicable in case of violation of the PCI Code of Professional Responsibility
A. Revocation
B. Suspension
C. Warning
D. Fee
Answer: A, B, C

13. (SELECT ALL THAT APPLY) Examples of two-factor technologies include:
A. TACACS with tokens
B. Digital certificates (if unique per ID)
C. RADIUS with tokens
D. Single Sign-On SAML 2.0
Answer: A, B, C

14. The PCI DSS Requirement most closely associated with “Logging” is ____________
A. Requirement 8
B. Requirement 11
C. Requirement 10
D. Requirement 2
Answer: C

15. A digital certificate is valid as “something you have” as long as it is unique to a particular user.
A. False
B. True
Answer: B

16. Information Supplements provided by the PCI SSC “supersede” or replace PCI DSS requirements.
A. False
B. True
Answer: A

17. Which of the following entities will ultimately approve a purchase?
A. Merchant
B. Payment Transaction Gateway
C. Issuing Bank
D. Acquiring Bank
Answer: C

18. Merchants using P2PE solutions are still required to validate to PCI DSS.
A. False
B. True
Answer: B

19. The Information Supplements: (Select ALL that apply)
A. Provide additional guidance on specific technologies
B. Include recommendations and best practices
C. May be used as a compensating control replacing one of the requirements
D. Do not replace or supersede any PCI standard
Answer: A, B, D

20. According to requirement 8.1.6, a user ID should be locked out after a maximum of how many repeated access attempts?
A. 3
B. 4
C. 5
D. 6
Answer: D

21. Merchants using only web-based virtual payment terminals, with no electronic cardholder data storage, may be eligible to use what SAQ?
A. SAQ C
B. SAQ B
C. SAQ A
D. SAQ C-VT
E. SAQ D
Answer: D

22. According to Requirement 10.4, time synchronization technology such as NTP should be implemented on all critical systems for acquiring, distributing, and storing time.
A. False
B. True
Answer: B

23. To consider compensating controls, one of the following must exist that precludes implementing the stated control: (Select ALL that apply)
A. None of the others
B. Legitimate technical constraint
C. Documented business constraint
D. Time constraint
Answer: B, C

24. The implementation of a Security Awareness Program (Requirement 12.6) requires that personnel be educated upon hire and at least
A. Yearly
B. Quarterly
C. Every 6 months
D. Monthly
Answer: A

25. “Maintain a policy that addresses information security for all personnel” is ________
A. Requirement 11
B. Requirement 12
C. Requirement 10
D. Requirement 9
Answer: B

26. To be compliant with requirement 8.1.4, you have to remove/disable inactive user accounts at least every
A. 180 days
B. 90 days
C. 60 days
D. 30 days
Answer: B

27. Use of a Qualified Integrator/Reseller (QIR):
A. ensures PCI DSS compliance
B. is required by PCI DSS
C. replaces the need for PCI DSS
D. is a good step towards PCI DSS compliance
Answer: D

28. To render PAN unreadable anywhere it is stored, one-way hashes based on strong cryptography must be implemented on
A. the first half of the PAN
B. the entire PAN
C. half of the PAN
D. the last half of the PAN
Answer: B

29. As defined by PCI DSS Requirement 7, access to cardholder data should be restricted based on which principle?
A. No access to cardholder data should be permitted
B. Number of personnel in the organization
C. Maximum privilege
D. Business need to know
Answer: D

30. PCI compliance does not apply to virtualized environments.
A. True
B. False
Answer: B

31. When evaluating “above and beyond” for compensating controls, an existing PCI DSS requirement MAY be considered as a compensating control if it is required for another area but is not required for the item under review.
A. True
B. False
Answer: A

32. PCI DSS Requirement 3.4 states that PAN must be rendered unreadable when stored. Which of the following may be used to meet this requirement?
A. Hashing the entire PAN using strong cryptography
B. Masking the entire PAN using industry standards
C. Encryption of the first six and last four digits of the PAN
D. Hiding the column containing PAN data in the database
Answer: A

33. It is NOT required that all four quarters have passing scans in order to meet requirement 11.2.
A. True
B. False
Answer: B

34. “Protect all systems against malware and regularly update anti-virus software or programs” is the ____________
A. Requirement 6
B. Requirement 5
C. Requirement 4
D. Requirement 7
Answer: B

35. Requirement 8.2.3 states that passwords/passphrases must contain both numeric and alphabetic characters and have a minimum length of at least
A. 7 characters
B. 6 characters
C. 8 characters
D. 14 characters
Answer: A
Free PCI PCIP3.0 Questions V8.02 | Killtest