Quiz: PCI DSS compliance -- Two years later

SearchSecurity.com Security School
This quiz is part of the SearchSecurity.com Compliance School lesson PCI DSS compliance: Two years later. Visit the lesson page or our Security School Course Catalog for additional learning resources.

1. Fill in the blank: According to Visa, level one merchants (as defined by the PCI DSS) must complete an annual on-site audit __________ .

  1. conducted by a Qualified Security Assessor (QSA)
  2. conducted internally, if approved by an officer of the company
  3. either of the above

2. Which response most accurately describes PCI DSS compliance?

  1. The organization can guarantee that credit card data will never be lost.
  2. The organization has followed the rules set forth in the Payment Card Industry Data Security Standard and can offer proof in the form of documentation.
  3. The organization is not liable if credit card data is lost or stolen.
  4. The organization does not store PAN or CVV data under any circumstances.

3. Fill in the blank: In PCI DSS parlance, an ASV is an __________ .

  1. Application Security Vector
  2. Application Service Vendor
  3. Anomalous Software Vulnerability
  4. Approved Scanning Vendor

4. Which of the following can be stored according to the PCI DSS?

  1. Primary Account Number (PAN)
  2. CVV/CVC
  3. PIN blocks
  4. Cardholder names
  5. PANs and cardholder names
  6. PANs and CVVs/CVCs

5. Which of the following Web application security requirements is mandated by the PCI DSS?

  1. Code reviews
  2. Checks to ensure applications are not vulnerable to the OWASP Top 10
  3. Integration of security throughout the software development life cycle
  4. All of the above
  5. None of the above

If you answered two or more questions incorrectly, revisit the materials from SearchSecurity.com's Compliance School lesson PCI DSS compliance: Two years later:

  • Webcast: Reports from the trenches: What is working with PCI DSS
  • Tip: Applying PCI DSS to Web application security
  • Podcast: Countdown: What could PCI DSS 2.0 bring?

    If you answered four or more questions correctly, return to SearchSecurity.com's Compliance School and begin another lesson, or try another school in SearchSecurity.com's Security School Course Catalog.

    This was first published in November 2007

  • There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: