I was entirely ignorant of most of what that link was discussing; now I'm marginally less ignorant. Saying that, and assuming the PCI literature/guidelines referenced were accurate, the security admin requesting all that information is an idiot.

If I can read the PCI regulations and gather that in 2 minutes and he can't grasp it after 10 years, then it's probably wise they decided not to stay with that company.