QUESTIONS AND CORRECT ANSWERS
Perimeter firewalls installed ______________________________. - CORRECT ANSWER between all wireless networks and the CHD environment.
Where should firewalls be installed? - CORRECT ANSWER At each Internet connection and between any DMZ and the internal network.
Review of firewall and router rule sets at least every __________________. - CORRECT ANSWER 6 months
If disk encryption is used - CORRECT ANSWER logical access must be managed separately and independently of native operating system authentication and access control mechanisms
Manual clear-text key-management procedures specify processes for the use of the following: - CORRECT ANSWER Split knowledge AND Dual control of keys
What is considered "Sensitive Authentication Data"? - CORRECT ANSWER Card verification value
When a PAN is displayed to an employee who does NOT need to see the full PAN, the minimum digits to be masked are: All digits between the ___________ and the __________. - CORRECT ANSWER first 6; last 4
Regarding protection of PAN... - CORRECT ANSWER PAN must be rendered unreadable during the transmission over public and wireless networks.
Under requirement 3.4, what method must be used to render the PAN unreadable? - CORRECT ANSWER Hashing the entire PAN using strong cryptography
Weak security controls that should NOT be used - CORRECT ANSWER WEP, SSL, and TLS 1.0 or earlier
Per requirement 5, anti-virus technology must be deployed _________________ - CORRECT ANSWER on all system components commonly affected by malicious software.
Key functions for anti-virus program per Requirement 5: - CORRECT ANSWER
1) Detect
2) Remove
3) Protect
Anti-virus solutions may be temporarily disabled only if - CORRECT ANSWER there is legitimate technical need, as authorized by management on a case-by-case basis
When to install "critical" applicable vendor-supplied security patches? ---> within _________ of release. - CORRECT ANSWER 1 month
When to install applicable vendor-supplied security patches? - CORRECT ANSWER within an appropriate time frame (for example, within three months).
When assessing requirement 6.5, testing to verify secure coding techniques are in place to address common coding vulnerabilities includes: - CORRECT ANSWER Reviewing software development policies and procedures
Requirement 7 restricts access controls by: - CORRECT ANSWER Need-to-know and least privilege
Inactive accounts over _____________ days need to be removed or disabled. - CORRECT ANSWER 90 days
To verify the user access termination policy, an ISA needs to select a sample of users terminated in the past _______________ months, and review current user access lists—for both local and