Question 1

Which function is associated with acquirers?

Options :

A : Prepares the cardholder-s statement and completes reconciliation to the issuer

B : Provide authorization, clearing and settlement services to an issuer

C : Prepares the cardholder-s statements and completes reconciliation to the merchant

D : Provide authorization, clearing and settlement services to a merchant

Answer: D

Question 2

What is true regarding the use of compensating controls?

Options :

A : Compensating controls do not need to be documented

B : Controls must be in place to ensure compensating controls remain effective after they've been assessed

C : Compensating controls increase the risk to the organizations

D : Compensating controls cannot be changed once they've been implemented

Answer: B

Question 3

A "Partial Assessment" is a new assessment definition. What is defined as a "Partial Assessment"?

Options :

A : An assessment with at least one requirement that is marked as "Not Tested".

B : A terminology that is used by the payment brands and the acquirers to define entities that have multiple payment channels. Each channel has its own assessment

C : An intermidiary state before the final ROC has been completed.

D : A ROC that has been completed after using an SAQ to determine which requirements should be tested, as per FAQ 1331. (As long as the entity meets the SAQ’s eligibility criteria).

Answer: A

Question 4

Level 1 and 2 merchants must include_______ as the part of their PCI-DSS compliance validation reporting process?

Options :

A : Sensitive authentication data (SAD)

B : A copy of their risk assessment

C : A report from their QSA

D : ASV scan results

Answer: D

Question 5

When should penetration testing be performed?

Options :

A : At least quarterly, and after any change to user access or file access permission

B : At least annually, and after any change to user access permission

C : At least quarterly, and after any significant changes to the network

D : At least annually, and after any significant changes to infrastructure or applications

Answer: D