The PCIP exam is multiple choice.
However, "short answer" questions require you to know a specific answer. This removes the 20% or 25% probability of making an accurate guess.
All questions below were taken from the PCI glossary.
I'm thinking that this would be good flashcard material ...
Answers are at the bottom of this post.
=========================================
1) In the context of PCI DSS, this is a method of concealing a segment of
data when displayed or printed. This technique is used when there is no
business requirement to view the entire PAN. It relates to
protection of PAN when displayed or printed. See Truncation for
protection of PAN when stored in files, databases, etc.
2) The main computer hardware on which computer software is resident.
3) Hardware and/or software technology that protects network resources from
unauthorized access. This item permits or denies computer traffic
between networks with different security levels based upon a set of
rules and other criteria.
4) This test attempts to exploit
vulnerabilities to determine whether unauthorized access or other
malicious activity is possible.
5) For the purposes of the PCI DSS, a ___________
is defined as any entity that accepts payment cards bearing the logos of
any of the five members of PCI SSC (American Express, Discover, JCB,
MasterCard or Visa) as payment for goods and/or services.
6) Authentication and authorization data repository utilized for querying
and modifying user permissions and granting access to protected internal
resources.
7) Process of rendering cardholder data unreadable by converting data into a
fixed-length message digest via Strong Cryptography. This is a
(mathematical) function in which a non-secret algorithm takes any
arbitrary length message as input and produces a fixed length output.
8) Device that allows wireless communication devices to connect to a
wireless network. Usually connected to a wired network, it can relay
data between wireless devices and wired devices on the network.
9) Flaw or weakness which, if exploited, may result in an intentional or unintentional compromise of a system.
10) Chronological record of system activities. Provides an independently
verifiable trail sufficient to permit reconstruction, review, and
examination of sequence of environments and activities surrounding or
leading to operation, procedure, or event in a transaction from
inception to final results.
============================================
ANSWERS
1) Masking
2) Host
3) Firewall
4) Penetration test
5) Merchant
6) Lightweight Directory Access Protocol (LDAP)
7) Hashing
8) Wireless Access Point or "AP"
9) Vulnerability
10) Audit log or Audit trail