Home > Quiz: PCI DSS compliance -- Two years later
Quiz:
EMAIL THIS

Quiz: PCI DSS compliance -- Two years later

16 Nov 2007 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

((Content component not found.)) This quiz is part of the SearchSecurity.com Compliance School lesson PCI DSS compliance: Two years later. Visit the lesson page or our Security School Course Catalog for additional learning resources.

1. Fill in the blank: According to Visa, level one merchants (as defined by the PCI DSS) must complete an annual on-site audit __________ .

  1. conducted by a Qualified Security Assessor (QSA)
  2. conducted internally, if approved by an officer of the company
  3. either of the above

2. Which response most accurately describes PCI DSS compliance?

  1. The organization can guarantee that credit card data will never be lost.
  2. The organization has followed the rules set forth in the Payment Card Industry Data Security Standard and can offer proof in the form of documentation.
  3. The organization is not liable if credit card data is lost or stolen.
  4. The organization does not store PAN or CVV data under any circumstances.

3. Fill in the blank: In PCI DSS parlance, an ASV is an __________ .

  1. Application Security Vector
  2. Application Service Vendor
  3. Anomalous Software Vulnerability
  4. Approved Scanning Vendor

4. Which of the following can be stored according to the PCI DSS?

  1. Primary Account Number (PAN)
  2. CVV/CVC
  3. PIN blocks
  4. Cardholder names
  5. PANs and cardholder names
  6. PANs and CVVs/CVCs

5. Which of the following Web application security requirements is mandated by the PCI DSS?

  1. Code reviews
  2. Checks to ensure applications are not vulnerable to the OWASP Top 10
  3. Integration of security throughout the software development life cycle
  4. All of the above
  5. None of the above

If you answered two or more questions incorrectly, revisit the materials from SearchSecurity.com's Compliance School lesson PCI DSS compliance: Two years later:

  • Webcast: Reports from the trenches: What is working with PCI DSS
  • Tip: Applying PCI DSS to Web application security
  • Podcast: Countdown: What could PCI DSS 2.0 bring?

    If you answered four or more questions correctly, return to SearchSecurity.com's Compliance School and begin another lesson, or try another school in SearchSecurity.com's Security School Course Catalog.

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



    RELATED CONTENT
    Compliance and regulations
    Encryption basics: How asymmetric and symmetric encryption works
    SIEM systems streamline compliance processes, offer security benefits
    Tips to achieve PCI compliance
    How to choose an external compliance auditor
    Using a privacy impact assessment template for DPA compliance
    PCI DSS checklist: Mistakes and problem areas to avoid
    The elements of a compliance-oriented architecture
    Wireless network guidelines for PCI DSS compliance
    PCI DSS requirement: Implement strong access control procedures
    How to choose full disk encryption for laptop security, compliance

    Compliance Regulation and Standard Requirements
    PCI DSS requirements still baffling as compliance deadline approaches
    Make PCI DSS compliance easier by reducing scope, outsourcing data
    Cloud computing compliance: Exploring data security in the cloud
    Encryption basics: How asymmetric and symmetric encryption works
    SIEM systems streamline compliance processes, offer security benefits
    No major PCI DSS revision expected in 2010
    PCI QSAs, certifications to get new scrutiny
    Tips to achieve PCI compliance
    PCI DSS requirements: Get ready for stricter enforcement, fines
    Data Protection Act breach could cost companies 500,000 pounds

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    Basel II  (SearchSecurityUK.com)
    Code of Connection (CoCo)  (SearchSecurityUK.com)
    EU Data Protection Directive  (SearchSecurityUK.com)
    Financial Services Authority  (SearchSecurityUK.com)
    IFRS (International Financial Reporting Standards)  (SearchSecurityUK.com)
    UK Identity Cards Act  (SearchSecurityUK.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary




    • UK Network Security: VPN, Threat Management, Endpoint Protection, Wireless Security
    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2008 - 2010, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts