with Verified Answers | Grade A | 100% Correct and
Accurate
What makes up SAD?
- Track Data
- Card verification codes/values (CAV2/CVC2/CVV2/CID)
- PINs & PIN Blocks
Track 1
Contains all fields of both Track 1 and Track 2, up to 79 characters long
11.2 Internal Scans - Frequency and performed by whom?
Quarterly and after significant changes in the network - Performed by qualified, internal or
external, resource
11.3 Penetration Tests (SERVICE PROVIDERS) - Frequency and performed by whom?
Every 6 months by a qualified, internal or external, resource
11.2 External Scans - Frequency and performed by whom?
Quarterly and after significant changes in the network - Performed by PCI SSC Approved
Scanning Vendor (ASV)
11.3 Penetration Tests - Frequency and performed by whom?
At least annually and after significant changes in the network - Performed by qualified, internal
or external, resource
11.2 Review scan reports and verify scan process includes rescans until:
- External scans: no vulnerabilities exist that scored 4.0 or higher by the CVSS
- Internal scans: all high-risk vulnerabilities as defined in PCI DSS requirement 6.1 are resolved
Who decides if a ROC or SAQ is required?
Payment Brands / Acquirers
10.2 Implement audit trails for all system components to reconstruct the following events:
- All individual accesses to CHD
- Actions taken by any individual with root or admin privileges
- Access to all audit trails
- Invalid logical access attempts
- Use of, and changes to, identification and authentication mechanisms
- Initialization, stopping, or pausing of the audit logs
- Creation and deletion of system-level objects
How long must QSAs retain work papers?
3 years, recommend the same for ISAs
Firewall and router rule sets must be reviewed every _____________________.
6 months
Things to consider when assessing:
People, processes, technology
How often should an entity undergo a process to securely delete stored CHD that exceeds
defined retention requirements?
At least quarterly
3.6 Key-management operations Dual Control vs Split Knowledge
Dual Control: At least two people are required to perform any key-management operations and
no one person has access to the authentication materials (e.g., passwords, keys) of another
Split Knowledge: Key components are under the control of at least two people who only have
knowledge of their own key components
3.4 PAN is rendered unreadable in which ways?
Hash, truncation, encrypt, index token and pads
6.2 Critical Security patches should be installed __________________________________.