PCI DSS Requirements Overview

Question 1

___________ applies wherever account data is stored, processed, or transmitted.

Answer 1

PCI DSS

Question 2

Account data consists of 1️⃣_______________ and/or 2️⃣_____________

Answer 2

1️⃣ cardholder data

2️⃣ sensitive authentication data (SAD)

Question 3

Many people refer to All account data to simply __________

Answer 3

Cardholder Data

Question 4

PCI DSS requirements are applicable wherever 1️⃣_____________ or 2️⃣_____________ is stored, processed, or transmitted

Answer 4

1️⃣ Primary Account Number (PAN)

2️⃣ Sensitive Authentication Data (SAD)

Question 5

PCI DSS requirements also apply to systems that provide 1️⃣____________ or could impact the security of 2️⃣__________

Answer 5

1️⃣ Security Services

2️⃣ Account data

Question 6

Account data includes all of the information printed on 1️⃣__________ as well as the data on the 2️⃣__________or 3️⃣________

Answer 6

1️⃣ physical card
2️⃣ magnetic stripe
3️⃣ chip

Question 7

______________ cannot be stored after authorization

Answer 7

Sensitive Authentication Data (SAD)

Question 8

Encrypting cardholder data or sensitive authentication data does NOT necessarily remove it from scope. (True/False)

Answer 8

True

Question 9

PAN, Cardholder Name, Expiration Date, and service code are example of

Answer 9

Cardholder Data

Question 10

Full magnetic stripe data (for equivalent on chip), CAV2/CVC2/CVV2/CID, and PINs/PIN blocks are example of

Answer 10

sensitive authentication data (SAD)

Question 11

Merchants are not permitted to store the track equivalent data following authorization (True/False)

Answer 11

True

Question 12

Track equivalent data found on the chip ________ from the track data found on the magnetic stripe, as the chip track data contains a unique Chip CVV/CVC Code.

This prevents criminals from producing cloned magnetic stripe cards from chip track data.

Answer 12

Differs

Question 13

Cardholder data flows between and through 1️⃣__________,2️⃣___________,3️⃣_____________________

Answer 13

1️⃣applications
2️⃣systems
3️⃣network infrastructure devices

Question 14

It is very important to document all cardholder data flows prior to beginning any assessment activities (True/False)

Answer 14

True

Question 15

An ____________ should be developed to identify all systems that store, process, or transmit cardholder data

Answer 15

Inventory

Question 16

Information to be maintained in the inventory could include:

Answer 16

⚫️System name
⚫️Cardholder data stored 
⚫️Reason for storage 
⚫️ Retention period
⚫️Protection mechanism

Question 17

Cardholder data is stored in both 1️⃣____________ and 2️⃣___________ locations on most networks.

Answer 17

1️⃣known

2️⃣unknown

Question 18

Cardholder data can ___________ on known storage locations

Answer 18

Leak out

Question 19

Having a good ________ could be the starting point to identify cardholder data storage locations

Answer 19

Inventory

Question 20

It is not permitted to store full track data or other sensitive authentication data after authorization. (True/False)

Answer 20

True