I'm completely lost, need help to find which two are true:

A
A standard ID-1 payment card has a CVV1 code printed on it to assist
with ‘card-not-present’ transactions.
B
A four-digit decimal PIN (commonly used for payment cards) can provide
a wider range of combinations than a password based upon three
(English) alphabetic letters.
C
An EMV SDA card is less susceptible than an EMV DDA card to being
‘skimmed’ and ‘cloned’ for future fraudulent use.
D
In a secure session using TLS/SSL, symmetric encryption is used to
protect some of the data being sent between two computers.
E
An SDA EMV card uses the private key of a public key pair to encrypt a
response to an unpredictable challenge message sent to it by an EMV
terminal during a purchase transaction process.
F
In an ATM card transaction, a user’s entered PIN is used to derive a
PVV which can be compared within a hardware security module (HSM)
with the PVV registered for that account.
G
Each debit transaction carried out with a DDA EMV card requires
immediate online authorisation from the card issuer.