Verified | Latest 2024 Version
QSAs must retain work papers for a minimum of _______ years. It is a recommendation for ISAs to do
the same. - ✔✔3
According to PCI DSS requirement 1, Firewall and router rule sets need to be reviewed every _____
months. - ✔✔6
At least ______________ and prior to the annual assessment the assessed entity:
- Identifies all locations and flows of cardholder data to verify they are included in the CDE
- Confirms the accuracy of their PCI DSS scope
- Retains their scoping documentation for assessor reference - ✔✔annually
Scope includes - ✔✔people, process, technology
Evidence Retention
It is recommended that the ISA secure and maintain digital and/or hard copies of case logs, audit results
and work papers, notes, and any technical information that was created and/or obtained during the PCI
Data Security Assessment for a minimum of ________ or as applicable to company data retention
policies - ✔✔three (3) years
A (time) ______ process for identifying and securely deleting stored cardholder data that exceeds
defined retention requirements. - ✔✔quarterly
Do not store SAD after ____________ (even if encrypted). (track data / cvc / pin) - ✔✔authorization
Manual clear-text key-management procedures specify processes for the use of the following - ✔✔Split
knowledge, dual control
Dual control - ✔✔At least two people are required to perform any key-management operation, and no one
person has access to the authentication materials (for example, passwords or keys) of another
Split knowledge - ✔✔Key components are under the control of at least two people, each of whom has
knowledge only of their own key component
PAN is rendered unreadable in which ways - ✔✔hash
mask
encrypt
pad
Ensure that all system components and software are protected from known vulnerabilities by installing
applicable vendor-supplied security patches. Install critical security patches within _____ of release. -
✔✔one month
Installation of all applicable vendor-supplied security patches within an ___________________ -
✔✔appropriate time frame (for example, within three months)
Change control must include these 4 things - ✔✔impact
testing (PCI review)
backout
approval
Train developers at least ________ in up-to-date secure coding techniques, including how to avoid
common coding vulnerabilities, and understanding how sensitive data is handled in memory. -
✔✔annually
Reviewing public-facing web applications via manual or automated application vulnerability security
assessment tools or methods, at least ___________________