IT Security Interview Questions‎ pg.3

37.  What are some of the major changes  between PCI 2.0 and 3.0?
-One thing is that that they PCI 3.0 wants you to test for skimmers on card swipe machines.

38. So you have several clients that want to communicate to a third party client and send data. What would you do?
-I would make sure that the communication between the clients and the third party is encrypted using SSL for example.

38 1/2. OK so a followup is that enough? In other words let's say you are using SSL to encrypt the communication, is this enough?
-It's good for encryption, but additionally what you can do is use some sort of PKI structure. PKI is Public Key infrastructure that can guarantee that the person communicating information to the third party for example is in fact that person.

-It works like this:

-Sender has a Private and Public Key the Recipient has a Private and Public Key
-To exchange information the Recipient sends "her" Public Key to the Sender
-The Sender Encrypts the information with Recipients Public Key and sends the information
-The Recipient then Decrypts the Information with "her" Private Key

photo courtesy of: (

-Keep in mind that the Private Keys are never Exchanged ONLY Public keys

39. What is SQL injection?