PCI DSS Fundamentals Exam 2023 – Real Exam, 120 Questions and Correct Answers | A Grade (Verified Answers)
Which of the following are examples of service providers? (Choose all that apply)
a) Data Center hosting providers
b) Telecom providers (only communication link)
c) Payment Gateways
d) ISOs
ANSWER: a) Data Center hosting providers; c) Payment Gateways; d) ISOs
Which of the following are parts of the Payment Brand role? (Select all that apply)
a) Offer training for QSAs, PA-QSAs and ASVs
b) Endorse QSA, PA-QSA and ASV company qualification criteria
c) Develop and enforce compliance programs
d) Accept validation documentation from QSAs, PA-QSAs and ASVs
ANSWER: b) Endorse QSA, PA-QSA and ASV company qualification criteria; c) Develop and enforce compliance programs; d) Accept validation documentation from QSAs, PA-QSAs and ASVs
Merchant obligations may include submitting their compliance status to multiple entities.
a) True
b) False
ANSWER: a) True
The decision about a merchant’s level is made by the:
a) Merchant’s acquirer
b) Merchant’s QSA
c) Merchant
d) Payment Brands
ANSWER: a) Merchant’s acquirer
Level 1 and 2 merchants must include ________ as part of their PCI DSS compliance validation reporting process.
a) A report from their QSA
b) Sensitive authentication data (SAD)
c) ASV scan results
d) A copy of their risk assessment
ANSWER: c) ASV scan results
Which of the following could PA-DSS apply to?
a) Custom payment application endorsed by the PCI SSC
b) Third-party payment application designed for one company
c) Third-party, “off-the-shelf” payment application
d) Custom payment application used by one company
ANSWER: c) Third-party, “off-the-shelf” payment application
The presumption of P2PE is that:
a) The data cannot be decrypted between the source and the destination points
b) The data can never be decrypted
c) The data can be decrypted between the source and the destination points
d) Any entity in possession of the ciphertext can easily reverse the encryption process
ANSWER: a) The data cannot be decrypted between the source and the destination points
Merchants using P2PE solutions are still required to validate to PCI DSS.
a) True
b) False
ANSWER: a) True
Which entity is responsible for developing and enforcing compliance programs?
a) Issuers
b) Acquirers
c) PCI SSC
d) Payment card brands
ANSWER: d) Payment card brands
Which entity is responsible for forensic investigations of account data compromise?
a) Payment brands
b) QSA/ISA
c) PCI SSC
d) QIR
ANSWER: a) Payment brands
Account data consists of ________ and ________.
a) Cardholder Names, PANs
b) PANs, PINs
c) Cardholder Data, PANs
d) Cardholder Data, Sensitive Authentication Data
ANSWER: d) Cardholder Data, Sensitive Authentication Data
Storing Track data is permitted when ________.
a) it is being stored by issuers with a business justification
b) it is encrypted by the merchant storing it
c) it is reported to the PCI SSC annually in a ROC
d) it is hashed by the merchant storing it
ANSWER: a) it is being stored by issuers with a business justification
When scoping an environment for PCI DSS, it is important to identify ________. (Select all that apply)
a) Components that store cardholder data
b) Business facilities involved in processing transactions
c) All flows of cardholder data
d) Personnel with access to cardholder data
ANSWER: a) Components that store cardholder data; b) Business facilities involved in processing transactions; c) All flows of cardholder data
Which of these devices can be used to provide network segmentation controls? (Select all that apply)
a) File servers
b) Firewalls
c) Switches
d) Routers
ANSWER: b) Firewalls; d) Routers
If virtualization technologies are used in a cardholder data environment:
a) The virtualization technologies are not in scope for PCI DSS
b) Virtualization technologies should not be used in the cardholder data
environment