E-COMMERCE SECURITY Research Paper

Chapter 2 Payment Application Architecture

1. Name and explain in your own words the three types of external interfaces that connect the PA with devices and applications.
3. What is POS API?
4. Name the two main functions the payment processor link supports.
6. Define in your own words the Batch module and process.
7. Describe the Typical Payment Transaction Flow.
8. Create the Payment Application Communication and OSI Stack (Table 2-2, P. 35).
9. What is EPS? Explain in your own words the concept of EPS.
10. What are at least two functional types of computers in a typical retail store?

Chapter 3 Payment Card Industry (PCI)

1. What is PCI?
2. What is the number of data breaches in the US (retail/merchant sector only) in 2009? In your own words, explain the significance of this.
3. What are the four PCI Standards?
4. Define PA-DSS.
5. Define PCI DSS.
6. T/F: according to Table 3-3, the merchant is responsible for mitigation of payment application memory.
7. T/F: according to Table 3-3, the merchant is responsible for mitigation of communication over the local network.
8. T/F: according to Table 3-3, the PA vendor and the merchant are responsible for mitigation of application code.
9. T/F: according to Table 3-3, the merchant is responsible for mitigation of sensitive data storage.
10. Define the steps of the Validation process.

Chapter 4 Turning 40 Digits into Gold

1. From the author's point of view, which card is the most secure, and why?
2. Name three of the several hallmarks of a card that are supposed to distinguish a genuine payment card from counterfeited plastic.
3. Name three reasons the author mentions why security features fail.
4. What are the components of the magnetic stripe on Track 1?
5. Explain in your own words what the acronym PAN stands for.
6. What are the first 6 digits of the PAN called?
7. Describe two reasons why PCI standards allow disclosure of the first six PAN digits.
8. T/F: The first digit of the ISO prefix (and PAN) is called the MII (Major Industry Identifier) and, as the name implies, it identifies the industry.
9. T/F: CVV is verified by the acquirer's host during the authorization phase when the POS sends full Track 1 or 2 data, or both.
10. T/F: A special programming technique called regular expressions (or regex) is employed to help defend against malware.

Chapter 5 Penetrating Security Free Zones

http://www.winhex.com/winhex/hex-editor.html
https://youtu.be/hMIU9X5Q-V0
https://youtu.be/BwQgOgARSYk (Extracting password from browser memory dump using task manager and WinHex)
Ram Scraping: https://securebox.comodo.com/memory-scraping/?af=7697&gclid=CjwKEAjwi9K4BRCQzq7d1c6A_XASJABueAO2I7x-E_uocbj4-27jFIsokxVvkilyyS8kVhm3qtTmrBoCxa_w_wcB
https://youtu.be/9jddzvXMynw

1. Explain in your own words the alert issued from a major credit card agency. Has this changed?
2. Explain in your own words your opinion on the author's statement on requiring payment system vendors to supply secure systems out of the box.
3. Define RAM scraping.
4. Define WinHex.
5. Which regex instruction matches an exact digit when used in a search expression?
6. What is a false positive?
7. What is sniffing?
8. Name an example of a network sniffer application.
9. What is NetScraper and what is it used for?
10. List and explain in your own words ten vulnerabilities that the author mentions.
