Exam (elaborations)
PCI - ISA Exam Flash Cards Questions and Answers 100% Accurate
- Course
- Institution
PCI - ISA Exam Flash Cards
[Show more]
Content preview
PCI - ISA Exam Flash CardsWhat makes up SAD? - answer- Track Data
- CAV2/CVC2/CVV2/CID)
- PINs & PIN Blocks
Track 1 - answer Contains all fields of both Track 1 and Track 2, up to 79 characters
long
11.2 Internal Scans - Frequency and performed by who? - answer Quarterly and after
significant changes in the network - Performed by qualified, internal or external,
resource
11.3 Penetration Tests (SERVICE PROVIDERS) - Frequency and performed by who? -
answer Every 6 months by a qualified, internal or external, resource
11.2 External Scans - Frequency and performed by who? - answer Quarterly and after
significant changes in the network - Performed by PCI SSC Approved Scanning Vendor
(ASV)
11.3 Penetration Tests - Frequency and performed by who? - answerAt least annually
and after significant changes in the network - Performed by qualified, internal or
external, resource
11.2 Review scan reports and verify scan process includes rescans until: - answer-
External scans: no vulnerabilities exists that scored 4.0 or higher by the CVSS
- Internal scans: all high-risk vulnerabilities as defined in PCI DSS requirement 6.1 are
resolved
Who decides if a ROC or SAQ is required? - answerPayment Brands / Acquirers
10.2 Implement audit trails for all system components to reconstruct the following
events: - answer- All individual accesses to CHD
- Actions taken by any individual with root or admin privileges
- Access to all audit trails
- Invalid logical access attempts
- Use of, and changes to, identification and authentication mechanisms
- Initialization, stopping, or pausing of the audit logs
- Creation and deleting of system-level objects
How long must QSA's retain work papers? - answer3 years, recommend the same for
ISAs
, Firewall and router rule sets must be reviewed every _____________________. -
answer6 months
Things to consider when assessing: - answerPeople, processes, technology
How often should an entity undergo a process to securely delete stored CHD that
exceeds defined retention requirements? - answerAt least quarterly
3.6 Key-management operations Dual Control vs Split Knowledge - answerDual
Control: At least two people are required to perform any key-management operations
and no one person has access to the authentication materials (e.g., passwords, keys) of
another
Split Knowledge: Key components are under the control of at least two people who only
have knowledge of their own key components
3.4 Pan is rendered unreadable in which ways? - answerHash, truncation, encrypt,
index token and pads
6.2 Critical Security patches should be installed
__________________________________. - answerWithin 1 month of release
6.2 Installation of applicable vendor-supplied security patches (non-critical) should be
installed: - answerWithin an appropriate time frame (e.g., 3 months)
6.4.5 Change control procedures must include the following - answer- Documentation of
impact
- Documented change approval by authorized parties
- Functionality testing to verify change does not adversely impact security of the system
- Back-out procedures
6.5 Developers must be trained in up-to-date secure coding techniques at least
________. - answerAnnually
6.6 For public-facing web applications, address new threats and vulnerabilities on an
ongoing basis and ensure these applications are protected against known attacks by
either of the following methods - answer- At least annually, and after any changes,
review via manual or automated application vulnerability assessment tools/methods
- Automated technical solution that detects and prevents web-based attacks
continuously
1.3.2 Examine firewall and router configurations to verify inbound traffic is: -
answerLimited to IP addresses within the DMZ
7.1.4 Select sample of user IDs and compare with documented approvals to verify: -
answer1) Documented approval exists for the assigned privileges
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller jw638729. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
80467 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now