For Individuals For Educators

Ace your certifications with Practice Exams and AI assistance.

Browse Exams
For Educators
Blog

Privacy Policy
Terms of Service
Cookie Policy
Support

AWS SAA Exam Prep
PMI PMP Exam Prep
CPA Exam Prep
GCP PCA Exam Prep

© 2026 TinyHive Labs. Company number 16262776.

Practice CPA®CPA ISC Practice Exam 4Question 11

Hard1 markMultiple Choice

Area II: SecurityPCI DSSData ProtectionArea II

CPA · Question 11 · Area II: Security

An auditor is evaluating a company's compliance with PCI DSS Requirement 3 (Protect stored cardholder data). The auditor finds that the Primary Account Number (PAN) is displayed in full on the customer service representative's screen. Which specific control is missing?

Answer options:

A.

Encryption

B.

Hashing

C.

Masking

D.

Tokenization

How to approach this question

Differentiate between storage protection (encryption) and display protection (masking).

Full Answer

C.Masking✓ Correct

Masking

Masking is the specific technique used to obscure specific digits of the PAN when displayed on screens or paper receipts (e.g., XXXXXX-1234).

Common mistakes

Confusing encryption (storage) with masking (display).

Question 10 All questions Question 12

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

Sign up free Take the exam

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard

View all 82 questions →