PCI Practice Exam 3 Questions and Answers Latest Update 2023 58 Questions
3 views 0 purchase
Course
NURSING 706
Institution
NURSING 706
PCI Practice Exam 3 Questions and Answers (Latest Update 2023) 58 Questions
When must cryptographic keys be changed?
- At the end of their defined crypto period
- At least annually
- When a new key custodian is employed
- Upon release of a new algorithm
What must the assessors verify when tes...
PCI Practice Exam 3 Questions and Answers
(Latest Update 2023) 58 Questions
1). When must cryptographic keys be changed?
- at the end of their defined crypto period
- at least annually
- when a new key custodian is employed
- upon release of a new algorithm
Ans: At the end of their defined crypto period
2). What must the assessors verify when testing that cardholder data is protected whenever it
is sent over the internet?
- the security protocol is configured to support earlier versions
- the encryption strength is appropriate for the technology in use
- the security protocol is configured to accept all digital certificates
- the cardholder data is securely deleted once the transmission has been sent
Ans: The encryption strength is appropriate for the technology in use
3). As defined in requirement 8, what is the minimum complexity of user passwords?
- 8 characters, either alphabetic or numeric
- 5 characters, either alphabetic or numeric
- 6 characters, both alphabetic and numeric characters
- 7 characters, both alphabetic and numeric characters
Ans: 7 characters, both alphabetic and numeric characters
4). Which statement is correct regarding use of production data (live pans) for testing and
development?
- live pans must not be used for testing or development
- access to live pans must be used for testing and development must be restricted to
authorized personnel
- live pans must be used for testing and development
- all live pans used for testing and development must be authorized by the cardholder
Ans: Live PANs must not be used for testing or development
5).
PaperStoc.com Page 1 of 14
, Which of the following is an example of multi-factor authentication?
- a token that must be presented twice during the login process
- a user passphrase and an application-level password
- a user password and a pin-activated smart card
- a user fingerprint and a user thumbprint
Ans: A user password and a PIN-activated smart card
6). Which of the following types of events is required to be logged?
- all use of end-user messaging technologies
- all access to external websites
- all access to all audit trails
- all network transmissions
Ans: All access to all audit trails
7). Which of the following meets pci dss requirements for secure destruction of media
containing cardholder data?
- cardholder data on hard copy materials is copied to electronic media before the hard copy
materials are destroyed
- storage containers used for hardcopy materials are located outside of the cde
- electronic media is physically destroyed to ensure the data cannot be reconstructed
- electronic media is stored in a secure location when the data is no longer needed for
business or legal reasons
Ans: Electronic media is physically destroyed to ensure the data cannot be
reconstructed
8). Which scenario meets the intent of pci dss requirements for assigning users access to
cardholder data?
- access is assigned to all users based on the access needs of the least-privileged user
- access is assigned to individual users based on the highest privilege available
- access is assigned to an individual users based on the privileges needed to perform their
job
- access is assigned to a group of users based on the privileges of the most senior user in
the group
Ans: Access is assigned to an individual users based on the privileges needed to
perform their job
9). Which of the following is an example of a system-level object?
- a log file
- an application executable or configuration file
PaperStoc.com Page 2 of 14
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Academik001. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $14.99. You're not tied to anything after your purchase.