$1.$ What are some common risks, threats, and vulnerabilities found in the system$/$application domain that must be mitigated with proper security countermeasures?

$2.$If your company makes software to accept credit card payments, what standard would you use to measure and audit your software security?

$3.$Which three PCI requirements are most relevant to the system$/$application domain?

$4.$Your production system is regularly backed up$,$ and some of the data is used for testing and developing a new application interface. Is this in compliance with PCI DSS$?$

$5.$Why is it a risk to use production data for development?

$6.$What are some options, according to PCI DSS$,$ to protect external$-$facing Web applications from known attacks?

$7.$To perform a PCI DSS compliance audit on your e$-$commerce Web site, what should you incorporate into Requirement #$6,$Develop and Maintain Secure Systems & Applications$?$

$8.$What do you recommend this organization implement for privacy data storage on long$-$term data storage devices?

$9.$To perform a PCI DSS compliance audit, what elements must be on your audit checklist that pertain to the system or application domain?

$10.$Performing a vulnerability assessment on PCI DSS production systems, servers, and applications requires what applications and tools?