A sample of business facilities is reviewed during the PCI DSS assessment. What is the assessor required to validate about the sample?
- It includes a consistent set of facilities that are reviewed for all assessments
- The number of facilities in the sample is at least 10% of the total number of facilities
- Every facility where cardholder data is stored is reviewed
- All types and locations of facilities are represented
Correct answer: All types and locations of facilities are represented
An entity accepts e-commerce payment card transactions. The database server and web server are located in the same, secured DMZ network segment. The database server and web server are on separate physical servers. What is required for the entity to meet PCI DSS requirements?
- The web server and database server should be installed on the same physical server
- The database server should be moved out of the DMZ and into the internal network
- The web server should be moved out of the DMZ and into the internal network
- The database server should be moved to a separate DMZ segment from the web server
Correct answer: The database server should be moved out of the DMZ and into the internal network
As defined in PCI DSS Requirement 1.2, firewall and router configurations must restrict connections between which of the following?
- Wireless networks and untrusted networks
- Each DMZ and internal network
- Corporate networks and the cardholder data environment
- Each system in the DMZ
Correct answer: Corporate networks and the cardholder data environment
As defined in Requirement 8, what is the minimum complexity of user passwords?
- 8 characters, either alphabetic or numeric
- 5 characters, either alphabetic or numeric
- 6 characters, both alphabetic and numeric characters
- 7 characters, both alphabetic and numeric characters
Correct answer: 7 characters, both alphabetic and numeric characters
Assigning a unique ID to each person is intended to ensure:
- Strong passwords are used for each user account
- Shared accounts are only used by administrators
- Individual users are accountable for their own actions
- Access is assigned to group accounts based on need-to-know
Correct answer: Individual users are accountable for their own actions
How often does PCI DSS require organizations to review their information security policy?
- At least annually
- At least quarterly
- Every six months
- Every three years
Correct answer: At least annually
How often are personnel required to acknowledge that they have read and understood the security policy and procedures?
- At least quarterly
- At least every six months
- At least annually
- At least monthly
Correct answer: At least annually
If an entity doesn't use wireless networking technology anywhere in their environment, what must the assessor