Friday, November 8, 2013

EXAM - PCIP Exam Objectives

The only place I could really determine the scope/objectives of the exam were extracted from a PCIP training course description.

They include:

1.    Principles of PCI DSS, PA-DSS, PTS, P2PE, and PIN Security

2.    Understanding PCI DSS v2.0 requirements and intent (two documents below)

       Payment Card Industry (PCI) Data Security Standard
       Navigating PCI Requirements

3.    Overview of basic payment industry terminology

       How Credit Card Payments Work - video 
       PCI Security Standards Glossary

4.    Appropriate uses of compensating controls

       Refer to Appendices B & C in the following document:
       Payment Card Industry (PCI) Data Security Standard

5.    How and when to use Self-Assessment Questionnaires (SAQs)
       SAQ Info

6.   Recognizing how new technologies affect the PCI (P2PE, tokenization, mobile, cloud)
      Note:  at the seminar I attended we were informed that guidlines and supplemental documents
      were not included in the exam.

       Point to Point Encryption (P2PE) FAQ's             PCI DSS Cloud Computing Guid e lines

7.    PCI Code of Professional Responsibility
       Link to Code of Professional Responsibility

8.   Case study application


  1. Did you ever write the exam, what was the outcome ?

  2. No, not yet. I need to finish my application still.

  3. I am writing it on the 18th. I haven't taken the course. Any advice?

  4. Well first of all good luck!

    Since I haven't sat for this particular exam I can't make any specific suggestions.
    However, a few things that I've done in the past for other exams ...


    - Establish a schedule for your study time in the final week. Spend a good portion on known weak areas.
    - A few days before the exam, I'll drive to the location to make sure that there isn't any construction and to make 100% sure that I know how to get there
    - I usually take the day before off for one final heavy study day and spend about 6-8 hours reviewing material


    - The day of the exam, go through your normal process, that is, wake up at the same time, eat/don't eat breakfast as you usually do, etc.
    - Do light studying in the hours leading up to the exam time, but take the last 1-2 hours to relax and keep your mind clear before walking in.
    - Consider bringing ear plugs. Bring 2 picture ID cards. Don't forget pencils, eyeglasses, etc


    - When the exam starts, do a "brain dump" on memorized information, writing it down on a sheet of paper for reference, that is assuming they let you have a blank sheet of paper.
    - Read the questions carefully. This always costs me a few points as I try to answer too quickly.
    - Do a couple passes on the exam. Answer the obvious questions on the first pass and come back for the ones that need a bit more thought. Sometimes re-reading the question makes the answer more obvious.
    - On the final pass, try to eliminate obviously wrong answers to increase your odds. Select the best answer based on what the PCI council wants to hear, not what your experience tells you.
    - If time remains, review your answers. However, a common idea is that you typically make the most accurate answer on your first pass. So don't "over analyze" your answers.
    - In the final pass, make sure that you've answered every question.

    Best of luck to you! Please let me know how you do.