Risk assessments must be implemented in order to meet requirement 12.2. Please select all risk assessments methodologies that can be used in order to meet this requirement.

• A.ISO 27005
• B.NIST SP 800-30
• C.OCTAVE
• D.NIST SP 800-53

Comment: *

Name: *

Email: *

Verification: *

Entities involved in payment card processing via mobile devices (like a phone or tablet) can reduce the risks to the security of cardholder data by:

• A.Imputing account data directly into mobile device
• B.Encrypting account data within the mobile device using an approved encryption application
• C.Storing account data withing the mobile device
• D.Encrypting account data at the point of capture using an approved point of interaction device

Comment: *

Name: *

Email: *

Verification: *

Users passwords/passphrases should be changed on a minimal of what interval to meet Requirement
8 .2.4?

• A.60 days
• B.90 days
• C.180 days
• D.30 days

Comment: *

Name: *

Email: *

Verification: *

PCIPs are required to adhere to the Code of Professional Responsibility, which includes:

• A.Performing subjective evaluation of ethical violations
• B.Comply with industry laws and standards
• C.Perform PCI DSS compliance assessments
• D.Sharing confidential information with other PCIPs

Comment: *

Name: *

Email: *

Verification: *

Who can perform quarterly external vulnerability scans meeting requirement 11.2.2?

• A.Qualified personnel
• B.Any employee
• C.Approved Scanning Vendor (ASV) approved by PCI SSC
• D.IT Security personnel

Comment: *

Name: *

Email: *

Verification: *