1 / 51

The annual Solinor PCI DSS quiz

The annual Solinor PCI DSS quiz. Solinor Oy. Multiple choice. Reviewing firewall rules. Firewall rules must be reviewed at least: Annually Every six months Quarterly Every month Daily. Saving payment card information.

junius
Download Presentation

The annual Solinor PCI DSS quiz

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The annual Solinor PCI DSS quiz Solinor Oy

  2. Multiple choice

  3. Reviewing firewall rules • Firewall rules must be reviewed at least: • Annually • Every six months • Quarterly • Every month • Daily

  4. Saving payment card information • According to the PCI DSS, which of the following pieces of data is allowed to be saved by default? • The security code, CVV2 • The information on the magnetic stripe, Track-2 • The payment card number, PAN • The password, PIN • None of the above

  5. Audit trail storage • For at least how long must audit trail history be stored? • 1 year • 3 years • 5 years • 10 years

  6. Storing payment card information • At least how frequently must payment card data that has passed its retention time be purged? • Daily • Every month • Quarterly • Annually

  7. Server hardening • Which of the following is not a PCI DSS-recommended party for server hardening guidelines? • Center for Internet Security (CIS) • International Organization for Standardization (ISO) • SysAdminAudit Network Security (SANS) Institute • National Institute of Standards Technology (NIST) • Computer Emergency Response Team (CERT)

  8. The correct answers?

  9. Reviewing firewall rules • Firewall rules must be reviewed at least: • Annually • Every six months (1.1.7) • Quarterly • Every month • Daily

  10. Reviewing firewall rules

  11. Saving payment card information • According to the PCI DSS, which of the following pieces of data is allowed to be saved by default? • The security code, CVV2 • The information on the magnetic stripe, Track-2 • The payment card number, PAN (3.2) • The password, PIN • None of the above

  12. Saving payment card information

  13. Audit trail storage • For at least how long must audit trail history be stored? • 1 year (10.7) • 3 years • 5 years • 10 years

  14. Audit trail storage

  15. Storing payment card information • At least how frequently must payment card data that has passed its retention time be purged? • Daily • Every month • Quarterly (3.1) • Annually

  16. Storing payment card information

  17. Server hardening • Which of the following is not a PCI DSS-recommended party for server hardening guidelines? • Center for Internet Security (CIS) • International Organization for Standardization (ISO) • SysAdminAudit Network Security (SANS) Institute • National Institute of Standards Technology (NIST) • Computer Emergency Response Team (CERT) (2.2)

  18. Server hardening

  19. Specific questions

  20. Question 1 Which parties does the PCI DSS concern?

  21. Question 1 - answer

  22. Question 2 Is the use of an FTP or telnet server allowed in a PCI DSS environment?

  23. Question 2 - answer (2.2.2b, 2.2.3)

  24. Question 3 According to the PCI DSS, what type of ticket system needs to be used in software development?

  25. Question 3 – answer (n/a) • The standard does not have specific requirements regarding the use of ticket systems in software development :)

  26. Question 4 According to the PCI DSS, when is it allowed to store the CVV2 security code or the information on the magnetic stripe?

  27. Question4 – answer(3.2)

  28. Question 5 According to the PCI DSS, when must a risk assessment process be carried out?

  29. Question5 – answer(12.2)

  30. Question 6 Who is allowed to see full unmasked payment card numbers?

  31. Question6 – answer(12.2)

  32. Question 7 According to the PCI DSS, what are the minimum criteria that a password must meet?

  33. Question 7– answer(8.2.3)

  34. Question 8 What information must a visitor log contain at the very least?

  35. Question8 – answer(9.4.4)

  36. Question 9 Which encryption algorithm is required by the PCI DSS when encrypting payment card information?

  37. Question9 – answer(3.4)

  38. Super bonus questions

  39. Question 1 Which four main level requirements does the PCI DSS set for reviewing code? 4p

  40. Question1 – answer (6.3.2)

  41. Question 2 What are the methods defined by the PCI DSS for protecting plain text payment card numbers? 4p

  42. Question2 – answer(3.4)

  43. Question 3 Which four things must be documented in change control procedures for the implementation of security patches and software modification? 4p

  44. Question3 – answer (6.4.5)

  45. Question 4 Which three main requirements does the PCI DSS set for the software development process? 3p

  46. Question4 – answer(6.3)

  47. Question 5 According to the PCI DSS, what are some of the methods that can be used to detect unauthorized wireless access points? 4p

  48. Question5 – answer(11.1)

  49. GIGA HYPER GOLD BONUS 1 Which are the seven main level things that need to be addressed in an incident response plan? (IRP?) 7p

  50. GOLD BONUS 1 – answer(12.10.1)

More Related