PCI ISA EXAM 200 REAL EXAM QUESTIONS AND VERIFIED
ANSWERS LATEST VERSION
Perimeter firewalls installed ______________________________. - ANSWER:
between all wireless networks and the cardholder data environment (CDE).
Where should firewalls be installed? - ANSWER: At each Internet connection and
between any DMZ and the internal network.
Review of firewall and router rule sets at least every __________________. -
ANSWER: 6 months
If disk encryption is used - ANSWER: logical access must be managed separately and
independently of native operating system authentication and access control
mechanisms
Manual clear-text key-management procedures specify processes for the use of the
following: - ANSWER: Split knowledge AND Dual control of keys
What is considered "Sensitive Authentication Data"? - ANSWER: Card verification
value (CAV2/CVC2/CVV2/CID); full track data and PINs/PIN blocks are also SAD, and
none of it may be stored after authorization, even if encrypted.
When a PAN is displayed to an employee who does NOT need to see the full PAN,
the minimum digits to be masked are: All digits between the ___________ and the
__________. - ANSWER: first 6; last 4
Regarding protection of PAN... - ANSWER: PAN must be rendered unreadable during
the transmission over public and wireless networks.
Under requirement 3.4, which method of rendering the PAN unreadable is acceptable? -
ANSWER: One-way hashing of the entire PAN using strong cryptography (a hash of only
part of the PAN does not meet the requirement; truncation, index tokens and pads, and
strong cryptography with proper key management are the other permitted methods).
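The two PAN rules above (3.3 masking and 3.4 full-PAN hashing) as working Python, added here as an illustration and not part of the original study guide. SHA-256 is used as the SHA-2 function; the card numbers are constructed test values, not real accounts. The last function shows why the 3.4 note says that hashed and truncated versions of the same PAN must not be correlatable: with the masked form and an unkeyed hash of the same PAN, only the masked digits have to be brute-forced.

```python
import hashlib
import itertools
import re
from typing import Optional

# Requirement 3.3: when a full PAN is not needed, show at most the first six and
# last four digits.  Requirement 3.4: a one-way hash that renders PAN unreadable
# must be computed over the ENTIRE PAN with strong cryptography (SHA-256 here is
# my choice; any SHA-2 function satisfies "strong cryptography").
PAN_MIN_LEN, PAN_MAX_LEN = 13, 19   # PAN lengths used by the major card brands


def luhn_ok(digits: str) -> bool:
    """Luhn check digit (ISO/IEC 7812) over a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2:                       # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def normalize_pan(pan: str) -> str:
    """Strip spaces/dashes; reject anything that is not a plausible PAN."""
    digits = re.sub(r"[\s-]", "", pan)
    if not digits.isdigit() or not PAN_MIN_LEN <= len(digits) <= PAN_MAX_LEN:
        raise ValueError("PAN must be 13 to 19 digits")
    if not luhn_ok(digits):
        raise ValueError("PAN fails Luhn check")
    return digits


def is_valid_pan(pan: str) -> bool:
    try:
        normalize_pan(pan)
        return True
    except ValueError:
        return False


def mask_pan(pan: str) -> str:
    """Req 3.3 display form: first six, last four, everything between masked."""
    digits = normalize_pan(pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def hash_pan(pan: str) -> str:
    """Req 3.4 storage form: SHA-256 (a SHA-2 function) over the whole PAN."""
    digits = normalize_pan(pan)
    return hashlib.sha256(digits.encode("ascii")).hexdigest()


def reconstruct_pan(masked: str, pan_hash: str) -> Optional[str]:
    """The correlation the 3.4 note warns about: holding both the masked PAN and an
    unkeyed hash of the same PAN, an attacker only has to brute-force the masked
    digits (10^3 for a 13-digit PAN, 10^6 for a 16-digit one).  The visible last
    four include the Luhn check digit, so ~90% of candidates are dropped before
    hashing."""
    head, tail = masked[:6], masked[-4:]
    unknown = len(masked) - 10
    for middle in itertools.product("0123456789", repeat=unknown):
        candidate = head + "".join(middle) + tail
        if luhn_ok(candidate) and hashlib.sha256(candidate.encode("ascii")).hexdigest() == pan_hash:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed test numbers, not real cards.
    for pan in ("4111 1111 1111 1111", "4222222222222"):
        print(pan, "->", mask_pan(pan), hash_pan(pan)[:16] + "...")
    masked, digest = mask_pan("4222222222222"), hash_pan("4222222222222")
    print("recovered from masked + hash:", reconstruct_pan(masked, digest))
```

The practical consequence for an assessment: if a database holds SHA-2 hashes of PANs and a reporting table holds the masked form of the same PANs, the two together are equivalent to storing clear PAN unless the hash is keyed or otherwise protected, which is the "additional controls" the note requires.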
Weak protocols that must NOT be used as security controls - ANSWER: WEP, SSL, and
early TLS (TLS 1.0 and, per PCI SSC guidance, in some cases TLS 1.1)
Per requirement 5, anti-virus technology must be deployed_________________ -
ANSWER: on all system components commonly affected by malicious software.
Key functions of an anti-virus program per Requirement 5.1.1: - ANSWER: 1) Detect
2) Remove
3) Protect (against all known types of malicious software)
Anti-virus solutions may be temporarily disabled only if - ANSWER: there is legitimate
technical need, as authorized by management on a case-by-case basis
When must "critical" applicable vendor-supplied security patches be installed? Within
_________ of release. - ANSWER: 1 month
When must other applicable vendor-supplied security patches be installed? - ANSWER:
within an appropriate time frame (for example, within three months).
When assessing requirement 6.5, testing to verify that secure coding techniques are in
place to address common coding vulnerabilities includes: - ANSWER: Reviewing
software development policies and procedures
Requirement 7 restricts access to system components and cardholder data based on: -
ANSWER: Need-to-know and least privilege
Inactive user accounts over _____________ days must be removed or disabled. -
ANSWER: 90 days
To verify the user access termination policy, an ISA needs to select a sample of users
terminated in the past _______________ months and review current user access
lists, for both local and remote access, to verify that their IDs have been
deactivated or removed from the access lists. - ANSWER: 6 months
How many invalid logon attempts may be allowed before the user ID is temporarily
locked out? - ANSWER: Not more than 6 attempts
Once a user account is locked out, it must remain locked for a minimum of
________________________ or until a system administrator resets the account. -
ANSWER: 30 minutes
System/session idle timeout must be set to _________ minutes or less, after which the
user must re-authenticate to re-activate the terminal or session. - ANSWER: 15 minutes
What are the methods to authenticate users? - ANSWER: - "Something you know",
such as a password or passphrase
- "Something you have", such as a token device or smart card, or
- "Something you are", such as a biometric.
Where passwords or pass-phrases are used, they must be at least _______
characters long and contain both numeric and alphabetic characters. - ANSWER: 7
Passwords must be changed at least once every__________________. - ANSWER: 90
days
Password history must also be in place to ensure that users' ________ previous
passwords can't be re-used. - ANSWER: 4
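The authentication controls listed above (8.1.6 lockout after six attempts, 8.1.7 thirty-minute lockout or administrator reset, 8.2.3 length and composition, 8.2.5 last-four history) implemented as checkable Python. This is an added example, not code from the study guide or from PCI SSC; the class and function names are mine, the constants are the values quoted above, and the password digest is a plain SHA-256 stand-in for the salted slow KDF a real password store would use.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List

MAX_FAILED_ATTEMPTS = 6     # Req 8.1.6: lock the user ID after not more than six attempts
LOCKOUT_SECONDS = 30 * 60   # Req 8.1.7: locked for at least 30 minutes or until admin reset
MIN_PASSWORD_LEN = 7        # Req 8.2.3: at least seven characters, numeric and alphabetic
PASSWORD_HISTORY = 4        # Req 8.2.5: the last four passwords may not be reused


def password_digest(password: str) -> str:
    # Demo stand-in only: a real password store uses a salted, slow KDF
    # (PBKDF2, bcrypt, scrypt, Argon2), not a bare SHA-256.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def password_violations(candidate: str, previous_digests: List[str]) -> List[str]:
    """Return the 8.2.3 / 8.2.5 rules the candidate breaks (empty list = acceptable).
    previous_digests holds digests of the user's earlier passwords, newest first."""
    problems = []
    if len(candidate) < MIN_PASSWORD_LEN:
        problems.append("shorter than 7 characters")
    if not any(c.isdigit() for c in candidate):
        problems.append("no numeric character")
    if not any(c.isalpha() for c in candidate):
        problems.append("no alphabetic character")
    if password_digest(candidate) in previous_digests[:PASSWORD_HISTORY]:
        problems.append("matches one of the last 4 passwords")
    return problems


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0   # epoch seconds; 0.0 means not locked


class LockoutPolicy:
    """Tracks consecutive failed logons per user ID; time is passed in explicitly
    so the behaviour can be tested without sleeping."""

    def __init__(self) -> None:
        self._state: Dict[str, AccountState] = {}

    def is_locked(self, user: str, now: float) -> bool:
        st = self._state.get(user)
        return st is not None and now < st.locked_until

    def record_failure(self, user: str, now: float) -> bool:
        """Count a failed logon; return True if the account is (now) locked."""
        st = self._state.setdefault(user, AccountState())
        if now < st.locked_until:
            return True                     # still inside the lockout window
        st.failures += 1
        if st.failures >= MAX_FAILED_ATTEMPTS:
            st.locked_until = now + LOCKOUT_SECONDS
            st.failures = 0
            return True
        return False

    def record_success(self, user: str, now: float) -> bool:
        """Valid credentials: refused while locked, otherwise the failure counter resets."""
        if self.is_locked(user, now):
            return False
        self._state[user] = AccountState()
        return True

    def admin_unlock(self, user: str) -> None:
        """The 8.1.7 alternative to waiting out the 30 minutes."""
        self._state[user] = AccountState()


if __name__ == "__main__":
    policy, t0 = LockoutPolicy(), 1_000_000.0
    for i in range(MAX_FAILED_ATTEMPTS):
        print("attempt", i + 1, "locked:", policy.record_failure("alice", t0 + i))
    print("correct password during lockout accepted:", policy.record_success("alice", t0 + 60))
    print("violations for 'abc123':", password_violations("abc123", []))
```

The point a practitioner should take from the lockout class: a correct password presented during the lockout window is still refused (otherwise the lockout does nothing against an online guessing attack), and the counter resets only on a successful logon or an administrator reset.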
An example of a "one-way" cryptographic function used to render data unreadable
is: - ANSWER: SHA-2