Question 1/34
If an entity shares cardholder data with a TPSP, what activity is the entity required to perform?
Correct Answer: D
PCI DSS Requirement 12.8.4 mandates that an entity monitor the compliance status of third-party service providers (TPSPs) at least annually, especially when those TPSPs store, process, or transmit account data on the entity's behalf.
* Option A: Incorrect. Entities are not responsible for conducting ASV scans on TPSPs.
* Option B: Incorrect. There is no quarterly risk assessment requirement for TPSPs.
* Option C: Incorrect. Incident response testing for TPSPs is not a direct responsibility of the entity.
* Option D: Correct. Annual monitoring of TPSP compliance is explicitly required.
