Perimeter firewalls installed ______________________________. - ✔✔between all wireless networks and the CHD environment.
Where should firewalls be installed? - ✔✔At each Internet connection and between any DMZ and the internal network.
Review of firewall and router rule sets at least every __________________. - ✔✔6 months
If disk encryption is used - ✔✔logical access must be managed separately and independently of native operating system authentication and access control mechanisms
Manual clear-text key-management procedures specify processes for the use of the following: - ✔✔Split knowledge AND Dual control of keys
What is considered "Sensitive Authentication Data"? - ✔✔Card verification value
When a PAN is displayed to an employee who does NOT need to see the full PAN, the minimum digits to be masked are: All digits between the ___________ and the __________. - ✔✔first 6; last 4
Regarding protection of PAN... - ✔✔PAN must be rendered unreadable during the transmission over public and wireless networks.
Under requirement 3.4, what method must be used to render the PAN unreadable? - ✔✔Hashing the entire PAN using strong cryptography
Weak security controls that should NOT be used - ✔✔WEP, SSL, and TLS 1.0 or earlier
Per requirement 5, anti-virus technology must be deployed _________________ - ✔✔on all system components commonly affected by malicious software.
Key functions for anti-virus program per Requirement 5: - ✔✔1) Detect
2) Remove
3) Protect
Anti-virus solutions may be temporarily disabled only if - ✔✔there is legitimate technical need, as authorized by management on a case-by-case basis
When to install "critical" applicable vendor-supplied security patches? ---> within _________ of release. - ✔✔1 month
When to install applicable vendor-supplied security patches? - ✔✔within an appropriate time frame (for example, within three months).
When assessing requirement 6.5, testing to verify secure coding techniques are in place to address common coding vulnerabilities includes: - ✔✔Reviewing software development policies and procedures
Requirement 7 restricts access by: - ✔✔Need-to-know and least privilege
Inactive accounts over _____________days need to be removed or disabled. - ✔✔90 days
To verify the user access termination policy, an ISA needs to select a sample of users terminated in the past _______________ months, and review current user access lists—for both local and remote access—to verify that their IDs have been deactivated or removed from the access lists. - ✔✔6 months
How many logon attempts should be allowed before the account is temporarily locked out? - ✔✔6 attempts