PCI DSS 4.0 QUESTIONS AND ANSWERS SCORED A+

Exam of 8 pages for the course pci at pci (PCI DSS 4.0)

  • October 31, 2024
jw638729
PCI DSS 4.0

Requirements not Eligible for Customized Approach - answer You can't use a custom
control to store SAD after authorization

Two approaches entities can take in PCI DSS 4.0 - answer Defined Approach,
Customized Approach

What are traits of Customized approach - answer Build a customized control that meets
the customized control objective

The entity must perform a targeted risk analysis for each customized control, as well as
perform testing, monitoring and provide extra documentation for the assessor.

No compensating controls are an option for meeting the compensating control objective.

Steps for using Customized Approach (Entity) - answer Document and maintain
evidence about each customized control

Perform targeted risk analysis

Test and monitor the control

Steps for using customized approach (Assessor) - answer Review Entity's evidence

Derive the testing procedures

Test the control

Sample Templates to Support Customized Approach - answer Controls Matrix Template

Targeted Risk Analysis template

Customized Control Matrix in Appendix E for Customized Approach - answer Entity
completes it, assessor reviews for accuracy

Customized Targeted Risk Analysis Appendix E2 for Customized Approach - answer
Entity fills it out, Assessor reviews it.

Mischief - answer Refers to an occurrence or an event that negatively affects the security
posture of the entity

1.2 (NSC's) Review of configurations occur: - answer Every 6 months

3.2 (Storage of Data is kept at a minimum) Verify data has been deleted at least once
every: - answer 3 months

3.4 (Access to displays of full PAN and ability to copy cardholder data are restricted)
Masking PAN: - answer First 6, last 4 displayed

5.2 (Malicious software is prevented, or detected and addressed) Anti-malware is
deployed on all system components, except: - answer For those system components
identified in periodic evaluations

6.3 (Security Vulnerabilities are identified and addressed) Software Patching - critical or
high-security patches installed: - answer Within 1 month of release

6.4 (Public-facing web applications are protected against attacks) Security Assessment -
at least every: - answer 12 months or automated technical solutions

Who must review the report before it is finalized? - answer The assessed entity

7.2 (Access to system components and data is appropriately defined and assigned)
User accounts review at least: - answer Every 6 months

8.2 (User identification and related accounts for users and administrators are strictly
managed throughout an account lifecycle) Revoked User Accounts revoked: -
answer Immediately

8.2 Inactive user accounts removed or disabled within - answer 90 days

8.2 Session idle timeout after no more than - answer 15 min

8.3 (Strong authentication for users and administrators is established and managed)
Locking out after no more than and for at least: - answer 10 attempts and for at least 30
min

8.3 Password/passphrases character minimum: - answer 12 with 8

8.3 New Passwords not the same as the last - answer 4

8.3 Passwords in single-factor authentication changed: - answer Every 90 days

10.3 (Audit Logs are protected from destruction and unauthorized modifications) Logs
are protected and backed up: - answer Promptly

10.5 (Audit log history is retained and available for analysis) Retain log history for at
least, with at least available: - answer 1 year, with 3 months available for immediate
analysis
