IS3445 CHAP 10 MAINTAINING PCI DSS COMPLIANCE FOR E-COMMERCE WEB SITES Flashcards Preview

Flashcards in IS3445 CHAP 10 MAINTAINING PCI DSS COMPLIANCE FOR E-COMMERCE WEB SITES Deck (18)
1
Q

___ is a processing strategy in which transactions are not handled immediately; rather, receipts are collected and processed as a batch.

A

Batch processing

2
Q

___ is a protocol within the TCP/IP protocol suite designed to synchronize clocks of computer systems over packet-switched networks.

A

(NTP) Network Time Protocol

3
Q

___ occurs when companies send their information to third-party service providers for storage, processing or transmission.

A

Outsourcing

4
Q

___ is a set of standards designed to help organizations that process credit card payments prevent fraud by having increased control over data and its exposure.

A

(PCI DSS) Payment Card Industry Data Security Standard

5
Q

___ is a credit card transaction in which processing is immediate.

A

Real time processing

6
Q

___ is a unique client identifier sent over a wireless network as a simple password that is used for authentication between a wireless client and an access point.

A

(SSID) Service set identifier

7
Q

___ is a person trained to conduct PCI DSS Security Assessments.

A

(QSA) Qualified Security Assessor

8
Q

___ is a data encryption method used on 802.11 wireless LANs.

A

(WPA) Wi-Fi Protected Access

9
Q
Because it is a perimeter defense strategy, a firewall is not a critical element of cardholder data security.
TRUE OR FALSE
A

FALSE

10
Q
You are tasked with designing a security policy for cardholder data. Which of the following are recommended security strategies for cardholder data? (Select three)
  1. Verify that data is retained for a limited period of time.
  2. Verify that user groups are used to access sensitive data areas.
  3. Verify that data is disposed of properly.
  4. Verify that passwords are encrypted during transmission.
A

Verify that data is retained for a limited period of time.

Verify that data is disposed of properly.

Verify that passwords are encrypted during transmission.

11
Q
Use WEP to secure communications sent over a wired network.
TRUE OR FALSE
A

FALSE

12
Q
Which of the following elements are typically examined during a PCI DSS Security Assessment? (Select two)
  1. Firewalls
  2. Network hardware
  3. Employee background
  4. Cached files
A

Firewalls

Network hardware

13
Q
When credit card transactions are handled in ___, receipts are often collected over a day or week and then sent in as multiple sets of information.
A

Batch processing

14
Q
PCI DSS is a set of standards designed to help organizations that process credit card payments prevent fraud by having increased control over data and its exposure.
TRUE OR FALSE
A

TRUE

15
Q
When credit card transactions are handled in ___, a consumer’s credit card is debited immediately to complete a purchase.
A

Real-time processing

16
Q
You are attempting to synchronize your Web server to online timekeeping. Which of the following protocols is responsible for managing system time?
  1. TTP
  2. TNP
  3. NTP
  4. CTP
A

NTP

17
Q
Which of the following firewall considerations are recommended by the PCI Security Standards Council? (Select three)
  1. Use open source firewall systems
  2. Block unused ports
  3. Use host-based firewall systems on mobile computers
  4. Conduct periodic reviews of firewall and router set rules.
A

Block unused ports

Use host-based firewall systems on mobile computers

Conduct periodic reviews of firewall and router set rules.

18
Q
Merchants should develop a two-factor authentication scheme to protect access to cardholder data.
TRUE OR FALSE
A

TRUE