Exam (elaborations)
PCI - ISA Exam Questions with Correct Answers.
- Course
- Institution
PCI - ISA Exam Questions with Correct Answers.PCI - ISA Exam Questions with Correct Answers.PCI - ISA Exam Questions with Correct Answers.
[Show more]
Content preview
PCI - ISA Exam Questions with Correct Answers.What makes up SAD? - Correct Answer - Track Data
- CAV2/CVC2/CVV2/CID)
- PINs & PIN Blocks
Track 1 - Correct Answer Contains all fields of both Track 1 and Track 2, up to 79
characters long
11.2 Internal Scans - Frequency and performed by who? - Correct Answer Quarterly
and after significant changes in the network - Performed by qualified, internal or
external, resource
11.3 Penetration Tests (SERVICE PROVIDERS) - Frequency and performed by who? -
Correct Answer Every 6 months by a qualified, internal or external, resource
11.2 External Scans - Frequency and performed by who? - Correct Answer Quarterly
and after significant changes in the network - Performed by PCI SSC Approved
Scanning Vendor (ASV)
11.3 Penetration Tests - Frequency and performed by who? - Correct Answer At least
annually and after significant changes in the network - Performed by qualified, internal
or external, resource
11.2 Review scan reports and verify scan process includes rescans until: - Correct
Answer - External scans: no vulnerabilities exists that scored 4.0 or higher by the CVSS
- Internal scans: all high-risk vulnerabilities as defined in PCI DSS requirement 6.1 are
resolved
Who decides if a ROC or SAQ is required? - Correct Answer Payment Brands /
Acquirers
10.2 Implement audit trails for all system components to reconstruct the following
events: - Correct Answer - All individual accesses to CHD
- Actions taken by any individual with root or admin privileges
- Access to all audit trails
- Invalid logical access attempts
- Use of, and changes to, identification and authentication mechanisms
- Initialization, stopping, or pausing of the audit logs
- Creation and deleting of system-level objects
How long must QSA's retain work papers? - Correct Answer 3 years, recommend the
same for ISAs
Firewall and router rule sets must be reviewed every _____________________. -
Correct Answer 6 months
, Things to consider when assessing: - Correct Answer People, processes, technology
How often should an entity undergo a process to securely delete stored CHD that
exceeds defined retention requirements? - Correct Answer At least quarterly
3.6 Key-management operations Dual Control vs Split Knowledge - Correct Answer
Dual Control: At least two people are required to perform any key-management
operations and no one person has access to the authentication materials (e.g.,
passwords, keys) of another
Split Knowledge: Key components are under the control of at least two people who only
have knowledge of their own key components
3.4 Pan is rendered unreadable in which ways? - Correct Answer Hash, truncation,
encrypt, index token and pads
6.2 Critical Security patches should be installed
__________________________________. - Correct Answer Within 1 month of release
6.2 Installation of applicable vendor-supplied security patches (non-critical) should be
installed: - Correct Answer Within an appropriate time frame (e.g., 3 months)
6.4.5 Change control procedures must include the following - Correct Answer -
Documentation of impact
- Documented change approval by authorized parties
- Functionality testing to verify change does not adversely impact security of the system
- Back-out procedures
6.5 Developers must be trained in up-to-date secure coding techniques at least
________. - Correct Answer Annually
6.6 For public-facing web applications, address new threats and vulnerabilities on an
ongoing basis and ensure these applications are protected against known attacks by
either of the following methods - Correct Answer - At least annually, and after any
changes, review via manual or automated application vulnerability assessment
tools/methods
- Automated technical solution that detects and prevents web-based attacks
continuously
1.3.2 Examine firewall and router configurations to verify inbound traffic is: - Correct
Answer Limited to IP addresses within the DMZ
7.1.4 Select sample of user IDs and compare with documented approvals to verify: -
Correct Answer 1) Documented approval exists for the assigned privileges
2) Approved by authorized parties
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Lectjoe. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $15.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
79107 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now