APRP Data Security & Privacy

Question 1

What is the primary objective of the Payment Card Industry Data Security Standard (PCI DSS)?

Accepted Answer

To protect cardholder data and reduce payment card fraud

Answer

To establish interest rate caps on payment card transactions

Answer

To regulate the fees charged by card networks to merchants

Answer

To standardize payment card form factors across all issuers

Question 2

Under PCI DSS, which data element is NEVER permitted to be stored after transaction authorization?

Accepted Answer

Full magnetic stripe data (track data)

Answer

Primary Account Number (PAN)

Answer

Cardholder name

Answer

Card expiration date

Question 3

A merchant stores customer PANs in a database. Under PCI DSS, which method is acceptable for protecting stored PANs?

Accepted Answer

Encrypting PANs using strong cryptography with proper key management

Answer

Storing PANs in plain text within a secured physical data center

Answer

Hashing PANs using MD5 for storage efficiency

Answer

Masking PANs only on screen displays but storing them in clear text

Question 4

What does 'tokenization' accomplish in a payment security context?

Accepted Answer

It replaces sensitive cardholder data with a non-sensitive surrogate value (token)

Answer

It encrypts cardholder data using a symmetric key

Answer

It segments the payment network to isolate cardholder data

Answer

It authenticates cardholders using biometric verification

Question 5

Which US federal law primarily governs the privacy of nonpublic personal financial information held by financial institutions, including payment service providers?

Accepted Answer

Gramm-Leach-Bliley Act (GLBA)

Answer

Health Insurance Portability and Accountability Act (HIPAA)

Answer

Children's Online Privacy Protection Act (COPPA)

Answer

Electronic Communications Privacy Act (ECPA)

Question 6

What is the purpose of network segmentation in a payment card data environment?

Accepted Answer

To isolate the cardholder data environment from untrusted networks and reduce PCI DSS scope

Answer

To increase transaction throughput by distributing processing load

Answer

To enable real-time fraud scoring across multiple data centers

Answer

To comply with anti-money laundering reporting requirements