Tuesday, May 21, 2013

Study Questions - Short Answer

The PCIP exam is multiple choice.

"Short answer" questions, however, require you to produce the specific term rather than recognize it among the options. That removes the 20% or 25% chance of guessing correctly on a five- or four-option question.

All questions below were taken from the PCI glossary.

I'm thinking that this would be good flashcard material ...

Answers are at the bottom of this post.


1)  In the context of PCI DSS, this is a method of concealing a segment of data when displayed or printed. This technique is used when there is no business requirement to view the entire PAN. It relates to protection of PAN when displayed or printed. See Truncation for protection of PAN when stored in files, databases, etc.

2)  The main computer hardware on which computer software is resident.

3)  Hardware and/or software technology that protects network resources from unauthorized access. This item permits or denies computer traffic between networks with different security levels based upon a set of rules and other criteria.

4)  This test attempts to exploit vulnerabilities to determine whether unauthorized access or other malicious activity is possible.

5)  For the purposes of the PCI DSS, a ___________ is defined as any entity that accepts payment cards bearing the logos of any of the five members of PCI SSC (American Express, Discover, JCB, MasterCard or Visa) as payment for goods and/or services.

6)  Authentication and authorization data repository utilized for querying and modifying user permissions and granting access to protected internal resources.

7)  Process of rendering cardholder data unreadable by converting data into a fixed-length message digest via Strong Cryptography. This is a (mathematical) function in which a non-secret algorithm takes any arbitrary length message as input and produces a fixed length output.

8)  Device that allows wireless communication devices to connect to a wireless network. Usually connected to a wired network, it can relay data between wireless devices and wired devices on the network.

9)  Flaw or weakness which, if exploited, may result in an intentional or unintentional compromise of a system.

10)  Chronological record of system activities. Provides an independently verifiable trail sufficient to permit reconstruction, review, and examination of sequence of environments and activities surrounding or leading to operation, procedure, or event in a transaction from inception to final results.



1)  Masking

2)  Host 

3)  Firewall

4)  Penetration test 

5)  Merchant

6)  Lightweight Directory Access Protocol (LDAP)

7)  Hashing

8)  Wireless Access Point or "AP"

9)  Vulnerability

10)  Audit log or Audit trail
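Questions 1 and 7 are the ones where the glossary wording hides a practical distinction: masking changes only what is displayed while the full PAN stays in storage, truncation discards part of the PAN before it is stored, and hashing produces a fixed-length digest with a non-secret algorithm. The following is an added example, not part of the original post or the PCI glossary, that implements all three side by side and then shows the caveat a practitioner should know: an unkeyed hash of a PAN can be inverted by trial once the truncated value is known, because only the middle digits are unknown. The sample number is the publicly known Visa test PAN (constructed input, not a real account); the function names, the 32-byte HMAC key and the SHA-256 choice are this example's assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed sample input: the well-known Visa *test* number. It is not a
# real account; it is used only because it has 16 digits and passes Luhn.
SAMPLE_PAN = "4111111111111111"


def luhn_ok(pan: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str, keep_first: int = 6, keep_last: int = 4) -> str:
    """Masking (Q1): hide the middle of a PAN for display or printing.

    The full PAN still exists wherever it is stored; only the rendering
    changes. First six / last four is the most PCI DSS allows to be shown.
    """
    hidden = len(pan) - keep_first - keep_last
    if hidden <= 0:
        raise ValueError("nothing would be hidden")
    return pan[:keep_first] + "*" * hidden + pan[-keep_last:]


def truncate_pan(pan: str, keep_first: int = 6, keep_last: int = 4) -> Tuple[str, str]:
    """Truncation (see Q1): what is kept for storage. The middle digits are
    dropped and cannot be recovered from the stored value alone."""
    return pan[:keep_first], pan[-keep_last:]


def hash_pan(pan: str) -> str:
    """Hashing (Q7): non-secret algorithm, fixed-length output (64 hex chars)."""
    return hashlib.sha256(pan.encode()).hexdigest()


def recover_pan(digest_hex: str, first: str, last: str, length: int = 16) -> Optional[str]:
    """Caveat for Q7: an unkeyed hash of a PAN is not a secret.

    Given the truncated value (first six + last four) the unknown middle is
    only 10**6 candidates, so the plain digest is inverted by enumeration.
    This is the reason hashed and truncated versions of the same PAN must
    not be kept where they can be correlated.
    """
    target = bytes.fromhex(digest_hex)
    middle_len = length - len(first) - len(last)
    for n in range(10 ** middle_len):
        candidate = f"{first}{n:0{middle_len}d}{last}"
        if hashlib.sha256(candidate.encode()).digest() == target:
            return candidate
    return None


def keyed_hash_pan(pan: str, key: bytes) -> str:
    """HMAC-SHA256 over the PAN. Without the key the enumeration above
    cannot be run; the key must then be protected like any crypto key."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    assert luhn_ok(SAMPLE_PAN)
    print("masked for display :", mask_pan(SAMPLE_PAN))
    first, last = truncate_pan(SAMPLE_PAN)
    print("truncated, stored  :", first, last)
    digest = hash_pan(SAMPLE_PAN)
    print("sha256 digest      :", digest)
    print("recovered from hash:", recover_pan(digest, first, last))
    key = secrets.token_bytes(32)  # assumed: a key generated and stored per your key-management process
    print("keyed digest       :", keyed_hash_pan(SAMPLE_PAN, key))
```

The `recover_pan` loop finds the sample number after about 111,111 SHA-256 calls, well under a second in CPython; a worst case of a million is still trivial. Whether a keyed hash alone satisfies the requirement for unreadable stored PAN depends on the version of the standard you are being tested against, so read the requirement text rather than relying on this example.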

