PCIP Assessment Procedures & Reporting Obligations

Question 1

What is the first step in a PCI DSS assessment?

Accepted Answer

Scoping

Answer

Remediation

Answer

Validation

Answer

Reporting

Question 2

Who typically conducts a PCI DSS onsite assessment?

Accepted Answer

Qualified Security Assessor

Answer

Internal IT staff

Answer

Bank auditor

Answer

HR manager

Question 3

Which document summarizes the outcome of a PCI DSS assessment?

Accepted Answer

Report on Compliance (ROC)

Answer

Incident response plan

Answer

Change management policy

Answer

Firewall log

Question 4

What is the purpose of the Self-Assessment Questionnaire (SAQ)?

Accepted Answer

Assess compliance internally

Answer

Create system architecture diagrams

Answer

Encrypt database files

Answer

Scan for vulnerabilities

Question 5

How often must a PCI DSS assessment be completed?

Accepted Answer

Annually

Answer

Monthly

Answer

Quarterly

Answer

Every 5 years

Question 6

Which phase follows identification of non-compliance?

Accepted Answer

Remediation

Answer

Validation

Answer

Enforcement

Answer

Discovery

Question 7

What is included in the Attestation of Compliance (AOC)?

Accepted Answer

Summary of compliance validation

Answer

Payment receipts

Answer

Internal audits

Answer

Firewall settings

Question 8

Who must receive the completed ROC and AOC?

Accepted Answer

Acquiring bank/card brands

Answer

Employees

Answer

IT department

Answer

Public users

Question 9

Which action is required after a failed assessment?

Accepted Answer

Remediate and reassess

Answer

Ignore the results

Answer

Start over after one year

Answer

Report only part of the findings