PCIP3.0 by PCI Actual Free Exam Questions And Answers

Question 1

Requirement 2.2.2 and 2.2.3 cover the use of secure services, protocols, and daemons as required for the function of a system. Which of the following is considered secure?

A. FTP

B. RLogon

C. Telnet

D. SSH

Discussion 0

Correct Answer: D Vote an answer

Question 2

According to Requirement 10.4 the use of Time synchronization like NTP should be implemented on all critical systems for acquiring, distributing, and storing time.

A. False

B. True

Discussion 0

Correct Answer: B Vote an answer

Question 3

All other merchants (not included in the descriptions for SAQs A, B, or C) and all service providers defined by a payment brand as eligible to complete an SAQ may be completing what SAQ?

A. SAQ C

B. SAQ D

C. SAQ A

D. SAQ B

Discussion 0

Correct Answer: B Vote an answer

Question 4

Use of a Qualified Integrator/Reeller (QIR):

A. is required by PCI DSS

B. ensures PCI DSS compliance

C. is a good step towards PCI DSS compliance

D. replaces the need for PCI DSS

Discussion 0

Correct Answer: C Vote an answer

Question 5

SELECT ALL THAT APPLY
To be compliant with requirement 9.9 an updated list of all card-reading devices used in card-present transactions at the point of sale must be kept by June 30 2015 including the following:

A. Device serial number or other unique identification

B. Location of device

C. Proof of purchase

D. Make, model of device

Discussion 0

Correct Answer: A,B,D Vote an answer

Question 6

The presumption of P2PE is that:

A. The data can be decrypted between the source and the destination points

B. Any entity in possession of the ciphertext can easily reverse the encryption process

C. The data can never be decrypted

D. The data cannot be decrypted between the source and the destination points

Discussion 0

Correct Answer: D Vote an answer

Question 7

If virtualization technologies are used in a cardholder data environment:

A. Entities using virtualization technologies should complete SAQ C

B. The virtualization technologies are included in scope for PCI DSS

C. Virtualization technologies should not be used in the cardholder data environment

D. The virtualization technologies are not in scope for PCI DSS

Discussion 0

Correct Answer: B Vote an answer

Question 8

Intrusion-detection and/or intrusion-prevention techniques are NOT a requirement to monitor all traffic at the perimeter of the cardholder data environment as well as at critical points in the CDE and alert personnel to suspected compromises.

A. False

B. True

Discussion 0

Correct Answer: A Vote an answer

Question 9

PCI DSS Requirement 1 covers:

A. Installation of anti-virus software

B. Secure development of DMZ applications and systems

C. Masking of PAN wherever it is displayed

D. Implementation of firewalls between the CDE and untrusted networks

Discussion 0

Correct Answer: D Vote an answer

PCI Payment Card Industry Professional - PCIP3.0 Exam Practice Test

Contact Us

Useful Links

Latest Updated