Exam (elaborations)
PCI ISA EXAM QUESTIONS AND 100% CORRECT ANSWERS
- Course
- Institution
PCI ISA EXAM QUESTIONS AND 100% CORRECT ANSWERS...
[Show more]
Content preview
PCI ISA EXAM QUESTIONS AND 100% CORRECT ANSWERSQSAs shall retain work papers for a minimum of _______ years. It is good practice for
ISAs to do the same. - Answer 3
Under PCI DSS requirement 1, Firewall and router rule sets shall be reviewed every
_____ months. - Answer 6
At a minimum ______________ and prior to annual assessment the assessed entity:
Identifies all locations and flows of cardholder data to validate they are in scope for the
CDE Includes confirmation that their PCI DSS scope is accurate, retains their scoping
documentation for use by the assessor - Respond annually
Scope Includes
Response ppl process, technology
Evidence Retention
It is recommended that the ISA retain and maintain digital and/or hard copies of case
logs, audit results and work papers, notes and any technical information which was
created and/or obtained from during the PCI Data Security Assessment for at least
________ or as applicable to company data retention policies - Answer of three
A (time) ______ process for identifying and securely deleting stored cardholder data that
exceeds defined retention requirements. - Answer quarterly
Do not store SAD after ____________ (even if encrypted). (track data / cvc / pin) - Answer
authorization
manual clear-text key-management procedures specify processes for the use of the
, following - Answer Split knowledge.Dual control
Dual control - No single individual can execute any key-management operation without
another person and no one has access to the authentication materials of another, such
as passwords or keys
Split knowledge - Key components are under the control of at least two persons, who
only have knowledge of their own key components
PAN is made unreadable in what ways - Hash
Mask
Encrypt
Pad
Ensure that all system components and software are protected from known
vulnerabilities by installing applicable vendor-supplied security patches. Critical
security patches are installed within _____ of release. - Answer one month
Installation of all applicable vendor-supplied security patches within an
___________________ - Answer appropriate time frame for example, within three months)
ensures change control has these 4 things - Answer impack
testing (PCI review)
backout
approval
Train developers at least ________ in up-to-date secure coding techniques, including
how to avoid common coding vulnerabilities, and understanding how sensitive data is
handled in memory. - Answer annually
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Easton. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $9.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
79373 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now