A "Merchant Bank" is commonly referred to as: -
correct answer- An Acquirer.
A network diagram does not need to be kept current. -
correct answer- False
All other inbound and outbound traffic needs to be: -
correct answer- Specifically denied by using an explicit "deny all" or an implicit deny after allow statement.
Besides technologies, what else is considered in scope? -
correct answer- People and Processes
Connections between untrusted networks and any system components in the cardholder data environment need to be restricted by firewall and router configurations. -
correct answer- True
Direct public access between the internet and any system component in the cardholder data environment needs to be: -
correct answer- Prohibited.
Example of weak encryption -
correct answer- WEP, SSL
Examples of end-user messaging technologies -
correct answer- e-mail, instant messaging, SMS, chat
Examples of security protocols -
correct answer- TLS, IPSEC, SSH
Examples of systems providing security services: -
correct answer-
- Authentication servers (LDAP)
- Time management servers (NTP)
- Patch deployment servers
- Audit log servers and correlation servers
- Anti-virus management servers
- Routers and firewalls filtering network traffic
- System performing cryptographic and/or key management functions
- Systems controlling and/or monitoring physical access
Examples of types of technologies -
correct answer-
- Servers, applications, networks, devices
- Physical security systems
- Logical security systems
- Payment terminals and point of sale systems
- Electronic communications
- Backups and disaster recovery "hot" sites
- Telecommunications - POTS vs. VOIP
- Management systems
- Remote access systems