PCIP ACTUAL EXAM 200 QUESTIONS AND CORRECT ANSWERS 2023-2024 UPDATE ALREADY GRADED A+ WITH EXPERT FEEDBACK If virtualization technologies are used in a cardholder data environment, PCI DSS requirements apply to those virtualization technologies. A. False B. True - ANSWER- Correct Answer: B The presumption of P2PE is that cardholder data in transit is protected when it is encrypted to the extent that an entity in possession of the ciphertext alone can easily reverse the encryption process A. False B. True - ANSWER- Correct Answer: A Encrypting account data at the point of capture is one way an entity involved in payment card processing via mobile devices can actively help in controlling risks to the security of cardholder data. A. True B. False - ANSWER- Correct Answer: A In order to be considered a compensating control, which of the following must exist? A. A legitimate technical constraint and a documented business constraint. B. A legitimate technical constraint. C. A legitimate technical constraint of a documented business constraint. D. A documented business constraint. - ANSWER- Correct Answer: C PCI DSS Requirement 1 A. Install and maintain a firewall configuration to protect cardholder data B. Do not use vendor supplied defaults for system passwords and other security parameters C. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods D. Protected Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.) - ANSWER- Correct Answer: A PCI DSS Requirement 2 A. Install and maintain a firewall configuration to protect cardholder data B. Do not use vendor supplied defaults for system passwords and other security parameters C. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods D. Protected Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.) - ANSWER- Correct Answer: B PCI DSS Requirement 3 A. Install and maintain a firewall configuration to protect cardholder data B. Do not use vendor supplied defaults for system passwords and other security parameters C. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods D. Protected Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.) - ANSWER- Correct Answer: C PCI DSS Requirement 4 A. Install and maintain a firewall configuration to protect cardholder data B. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods C. Protected Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.) D. Use and regularly update anti-virus software or programs - ANSWER- Correct Answer: C PCI DSS Requirement 5 A. Use and regularly update anti-virus software or programs B. Protected Cardholder Data during transmission over the internet, wireless networks or other open access networks or systems (GSM, GPRS, etc.) C. Protect stored cardholder data by enacting a formal data retention policy and implement secure deletion methods D. Do not use vendor supplied defaults for system passwords and other security parameters - ANSWER- Correct Answer: A PCI DSS Requirement 6 A. Use and regularly update anti-virus software or programs B. Develop and maintain secure systems and applications C. Assign a unique ID to each person with computer access D. Restrict access to cardholder data by business need to know - ANSWER- Correct Answer: B