Perimeter firewalls installed ______________________________. ✔✔between all wireless networks and the CHD environment.
Where should firewalls be installed? ✔✔At each Internet connection and between any DMZ and the internal network.
Review of firewall and router rule sets at least every __________________. ✔✔6 months
If disk encryption is used ✔✔logical access must be managed separately and independently of native operating system authentication and access control mechanisms
Manual clear-text key-management procedures specify processes for the use of the following: ✔✔Split knowledge AND Dual control of keys
What is considered "Sensitive Authentication Data"? ✔✔Card verification value
When a PAN is displayed to an employee who does NOT need to see the full PAN, the minimum digits to be masked are: All digits between the ___________ and the __________. ✔✔first 6; last 4
Regarding protection of PAN... ✔✔PAN must be rendered unreadable during the transmission over public and wireless networks.
Under requirement 3.4, what method must be used to render the PAN unreadable? ✔✔Hashing the entire PAN using strong cryptography
Weak security controls that should NOT be used ✔✔WEP, SSL, and TLS 1.0 or earlier
Per requirement 5, anti-virus technology must be deployed _________________ ✔✔on all system components commonly affected by malicious software.
Key functions for anti-virus program per Requirement 5: ✔✔1) Detect
2) Remove
3) Protect