100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
PCI Practice Exam 3 Questions and Answers Latest Update 2023 58 Questions $14.99   Add to cart

Exam (elaborations)

PCI Practice Exam 3 Questions and Answers Latest Update 2023 58 Questions

 3 views  0 purchase
  • Course
  • Institution

PCI Practice Exam 3 Questions and Answers (Latest Update 2023) 58 Questions When must cryptographic keys be changed? - At the end of their defined crypto period - At least annually - When a new key custodian is employed - Upon release of a new algorithm What must the assessors verify when tes...

[Show more]

Preview 2 out of 14  pages

  • March 27, 2024
  • 14
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
avatar-seller
PCI Practice Exam 3 Questions and Answers
(Latest Update 2023) 58 Questions

1). When must cryptographic keys be changed?
- at the end of their defined crypto period
- at least annually
- when a new key custodian is employed
- upon release of a new algorithm

 Ans: At the end of their defined crypto period


2). What must the assessors verify when testing that cardholder data is protected whenever it
is sent over the internet?
- the security protocol is configured to support earlier versions
- the encryption strength is appropriate for the technology in use
- the security protocol is configured to accept all digital certificates
- the cardholder data is securely deleted once the transmission has been sent

 Ans: The encryption strength is appropriate for the technology in use


3). As defined in requirement 8, what is the minimum complexity of user passwords?
- 8 characters, either alphabetic or numeric
- 5 characters, either alphabetic or numeric
- 6 characters, both alphabetic and numeric characters
- 7 characters, both alphabetic and numeric characters

 Ans: 7 characters, both alphabetic and numeric characters


4). Which statement is correct regarding use of production data (live pans) for testing and
development?
- live pans must not be used for testing or development
- access to live pans must be used for testing and development must be restricted to
authorized personnel
- live pans must be used for testing and development
- all live pans used for testing and development must be authorized by the cardholder

 Ans: Live PANs must not be used for testing or development


5).



PaperStoc.com Page 1 of 14

, Which of the following is an example of multi-factor authentication?
- a token that must be presented twice during the login process
- a user passphrase and an application-level password
- a user password and a pin-activated smart card
- a user fingerprint and a user thumbprint

 Ans: A user password and a PIN-activated smart card


6). Which of the following types of events is required to be logged?
- all use of end-user messaging technologies
- all access to external websites
- all access to all audit trails
- all network transmissions

 Ans: All access to all audit trails


7). Which of the following meets pci dss requirements for secure destruction of media
containing cardholder data?
- cardholder data on hard copy materials is copied to electronic media before the hard copy
materials are destroyed
- storage containers used for hardcopy materials are located outside of the cde
- electronic media is physically destroyed to ensure the data cannot be reconstructed
- electronic media is stored in a secure location when the data is no longer needed for
business or legal reasons

 Ans: Electronic media is physically destroyed to ensure the data cannot be
reconstructed


8). Which scenario meets the intent of pci dss requirements for assigning users access to
cardholder data?
- access is assigned to all users based on the access needs of the least-privileged user
- access is assigned to individual users based on the highest privilege available
- access is assigned to an individual users based on the privileges needed to perform their
job
- access is assigned to a group of users based on the privileges of the most senior user in
the group

 Ans: Access is assigned to an individual users based on the privileges needed to
perform their job


9). Which of the following is an example of a system-level object?
- a log file
- an application executable or configuration file



PaperStoc.com Page 2 of 14

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Academik001. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $14.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

81989 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$14.99
  • (0)
  Add to cart