100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
PCI DSS 3.2.1 2024 Questions and Answers 2024 / 2025 (Verified Answers by Expert) $13.49   Add to cart
Quickly navigate to
Preview
  2.  
  3. PCI DSS
  4.  
  5. PCI DSS

Exam (elaborations)

PCI DSS 3.2.1 2024 Questions and Answers 2024 / 2025 (Verified Answers by Expert)
 8 views  0 purchase
  • Course
  • PCI DSS
  • Institution
  • PCI DSS

PCI DSS 3.2.1 2024 Questions and Answers 2024 / 2025 (Verified Answers by Expert)

Preview 4 out of 52  pages

Document information

  • August 9, 2024
  • 52
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

Written for

  • PCI DSS
  • PCI DSS

Seller

avatar-seller
BESTGOODIES

Reviews received

Content preview

PCI DSS 3.2.1.pdf file:///C:/Users/HP/Desktop/TYPA%20NEW/PCI%20DSS%203.2.1




PCI DSS 3.2.1


1. Which of the following does not belong?

The following events should be included in automated audit trails for allsystem

component



-Individual access to cardholder data

-Creation and deletion of system-level objects

-Invalid logical access attempts

-Actions taken by user with root or administrative privileges

-Changes, additions, or deletions to any account with root or administrativeprivileges

-Audit trail access

-Use of identification and authentication mechanisms

-Elevation of privileges

-Initialization of audit logs

-Stopping or pausing of audit logs

ANS All of these should be included. (Requirement10.2.1 - 10.2.7)





1 of 52 8/8/2024, 3:24

,PCI DSS 3.2.1.pdf file:///C:/Users/HP/Desktop/TYPA%20NEW/PCI%20DSS%203.2.1




2. Which of the following does not belong?

The following audit trail entries should be recorded for each event



-User identification

-Type of event

-Date and time

-Success or failure

-Origination of event

-Identity of name of affected data, system component, or resource

-Initializing, stopping, or pausing of audit logs

ANS Initializing, stopping, or pausingof audit logs - this choice is part of what should be included

in audit logs (10.2)



This question pertains to 10.3 (10.3.1 - 10.3.6)



3. How often should logs and security event reviews be conducted?

ANS At leastdaily (10.6)





2 of 52 8/8/2024, 3:24

,PCI DSS 3.2.1.pdf file:///C:/Users/HP/Desktop/TYPA%20NEW/PCI%20DSS%203.2.1




4. How long should audit trail history be retained?



At least of history must be immediately available for analysis.

ANS At least 1year retained



3 months

(10.7)



5. How long should visitor logs for physical access be retained?

ANS At least 3months (9.4)



6. Critical patches need to installed within of release.

ANS One month









3 of 52 8/8/2024, 3:24

,PCI DSS 3.2.1.pdf file:///C:/Users/HP/Desktop/TYPA%20NEW/PCI%20DSS%203.2.1




7. For public-facing web applications, which of the following is required?

-Web application firewalls

-Manual vulnerability assessment tools

-Automated vulnerability assessment tools

ANS Any one or more of these. Accordingto Requirement 6.6, ensure that either one of the

following methods is in place




1. Web application firewalls - Examine system configuration settings to verify anautomated

technical solution that detects and prevents web-based attacks is inplace.

2. Web application assessment - Verify that public-facing web applications are re- viewed using

with manual or automated vulnerability assessment tools or methods.



8. How frequently should web application assessments be conducted?

ANS Atleast annually and after any significant changes (6.6)



9. Does an application vulnerability assessment have to be conducted by a third party?

ANS No. As long as the reviewers specialize in application security and candemonstrate





4 of 52 8/8/2024, 3:24

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller BESTGOODIES. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $13.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75759 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$13.49
  • (0)
  Add to cart