PCI-DSS ISA EXAM QUESTIONS AND
ANSWERS. VERIFIED 2026.
Perimeter firewalls installed ______________________________. - ANS between all wireless
networks and the CHD environment.
Where should firewalls be installed? - ANS At each Internet connection and between any
DMZ and the internal network.
Review of firewall and router rule sets at least every __________________. - ANS 6 months
If disk encryption is used - ANS logical access must be managed separately and
independently of native operating system authentication and access control mechanisms
Manual clear-text key-management procedures specify processes for the use of the following: -
ANS Split knowledge AND Dual control of keys
What is considered "Sensitive Authentication Data"? - ANS Card verification value
When a PAN is displayed to an employee who does NOT need to see the full PAN, the minimum
digits to be masked are: All digits between the ___________ and the __________. - ANS first
6; last 4
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
Regarding protection of PAN... - ANS PAN must be rendered unreadable during the
transmission over public and wireless networks.
Under requirement 3.4, what method must be used to render the PAN unreadable? -
ANS Hashing the entire PAN using strong cryptography
Weak security controls that should NOT be used - ANS WEP, SSL, and TLS 1.0 or earlier
Per requirement 5, anti-virus technology must be deployed_________________ - ANS on all
system components commonly affected by malicious software.
Key functions for anti-virus program per Requirement 5: - ANS 1) Detect
2) Remove
3) Protect
Anti-virus solutions may be temporarily disabled only if - ANS there is legitimate technical
need, as authorized by management on a case-by-case basis
When to install "critical" applicable vendor-supplied security patches? ---> within _________ of
release. - ANS 1 month
When to install applicable vendor-supplied security patches? - ANS within an appropriate
time frame (for example, within three months).
When assessing requirement 6.5, testing to verify secure coding techniques are in place to
address common coding vulnerabilities includes: - ANS Reviewing software development
policies and procedures