Exam (elaborations) ISA
For PCI DSS requirement 1, firewall and router rule sets need to be reviewed every
_____________ months - CORRECT ANSWER 6 months
Non-console administrator access to any web-based management interfaces must be
encrypted with technology such as......... - CORRECT ANS...
pci isa exam verified 100 question and answers 2022
isa
exam elaborations isa
firewall and router rule sets need to be reviewed every
non console administrator a
Written for
ISA
All documents for this subject (209)
Seller
Follow
EWLindy
Reviews received
Content preview
PCI ISA Exam Verified 100%
Question And Answers 2022
For PCI DSS requirement 1, firewall and router rule sets need to be reviewed every
_____________ months - CORRECT ANSWER 6 months
Non-console administrator access to any web-based management interfaces must be
encrypted with technology such as......... - CORRECT ANSWER HTTPS
Requirements 2.2.2 and 2.2.3 cover the use of secure services, protocols and
daemons. Which of the following is considered to be secure? - CORRECT ANSWER
SSH, TLS, IPSEC, VPN
Which of the following is considered "Sensitive Authentication Data"? - CORRECT
ANSWER Card Verification Value (CAV2/CVC2/CVV2/CID), Full Track Data, PIN/PIN
Block
True or False: It is acceptable for merchants to store Sensitive Authentication after
authorization as long as it is strongly encrypted? - CORRECT ANSWER False
When a PAN is displayed to an employee who does NOT need to see the full PAN, the
minimum digits to be masked are: - CORRECT ANSWER All digits between the first six
and last four
Which of the following is true regarding protection of PAN? - CORRECT ANSWER PAN
must be rendered unreadable during transmission over public, wireless networks
Which of the following may be used to render PAN unreadable in order to meet
requirement 3.4? - CORRECT ANSWER Hashing the entire PAN using strong
cryptography, truncation, index tokens and pads with pads being securely stored, strong
cryptography with associated key-management processes and procedures
True or False Manual clear-text key-management procedures specify processes for the
use of keys that are stored on production systems, use of split knowledge and dual
control is required. - CORRECT ANSWER True
When assessing requirement 6.5, testing to verify secure coding techniques are in place
to address common coding vulnerabilities includes: - CORRECT ANSWER Examine
software development policies and procedures to verify that up-to-date training in
, secure coding techniques is required for developers at least annually, based on industry
best practices and guidance
One of the principles to be used when granting user access to systems in CDE is: -
CORRECT ANSWER Least privilege
An example of a "one-way" cryptographic function used to render data unreadable is: -
CORRECT ANSWER SHA-2
A set of cryptographic hash functions designed by the National Security Agency (NS). -
CORRECT ANSWER SHA-2 (Secure Hash Algorithm
Inactive user accounts should be either removed or disabled within___ - CORRECT
ANSWER 90 days
True or False: Procedures must be developed to easily distinguish the difference
between onsite personnel and visitors. - CORRECT ANSWER True
When should access be revoked of recently terminated employees? - CORRECT
ANSWER immediately
True or False: A visitor with a badge may enter sensitive area unescorted. - CORRECT
ANSWER False, visitors must be escorted at all times.
Protection of keys used for encryption of cardholder data against disclosure must
include at least: (4 items) - CORRECT ANSWER *Access to keys is restricted to the
fewest number of custodians necessary
*Key-encrypting keys are at least as strong as the data-encrypting keys they protect
*Key encrypting keys are stored separately from data-encrypting keys
*Keys are stored securely in the fewest possible locations
Description of cryptographic architecture includes: - CORRECT ANSWER *Details of all
algorithms, protocols, and keys used for the protection of cardholder data, including key
strength and expiry date
*Description of the key usage for each key
*Inventory of any HSMs and other SCDs used for key management
What 2 methods must NOT be used to be disk-level encryption compliant - CORRECT
ANSWER *Cannot use the same user account authenticator as the operating system
*Cannot use a decryption key that is associated with or derived from the systems local
user account database or general network login credentials.
6 months - CORRECT ANSWER DESV User accounts and access privileges are
reviewed at least every______
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller EWLindy. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $14.99. You're not tied to anything after your purchase.