PCI - ISA Exam V2 (New Update) | Complete Questions with Verified Answers | Grade A | 100% Correct
Non-console administrator access to any web-based management interfaces must be encrypted with technology such as ...
HTTPS
Requirements 2.2.2 and 2.2.3 cover the use of secure services, protocols and daemons. Which of the following is considered to be secure?
SSH
Which of the following is considered "Sensitive Authentication Data"?
Card Verification Value (CAV2/CVC2/CVV2/CID), Full Track Data, PIN/PIN Block
True or False: It is acceptable for merchants to store Sensitive Authentication Data after authorization as long as it is strongly encrypted?
False
When a PAN is displayed to an employee who does NOT need to see the full PAN, the minimum digits to be masked are
All digits between the first six and last four
Which of the following is true regarding protection of PAN?
PAN must be rendered unreadable during transmission over public, wireless networks
Which of the following may be used to render PAN unreadable in order to meet requirement 3.4?
Hashing the entire PAN using strong cryptography
True or False: Where keys are stored on production systems, split knowledge and dual control are required?
True
When assessing requirement 6.5, testing to verify that secure coding techniques are in place to address common coding vulnerabilities includes
Reviewing software development policies and procedures
One of the principles to be used when granting user access to systems in the CDE is:
Least privilege
An example of a "one-way" cryptographic function used to render data unreadable is
SHA-2
Keyed Cryptographic Hash
A hashing function that incorporates a randomly generated secret key to provide brute-force attack resistance and secret authentication integrity. Appropriate keyed cryptographic hashing algorithms include but are not limited to HMAC, CMAC, and GMAC, with an effective cryptographic strength of at least 128 bits (NIST SP 800-131Ar2).
SHA-2
A set of cryptographic hash functions designed by the National Security Agency
True or False: Procedures must be developed to easily distinguish between onsite personnel and visitors.
True
When should access be revoked for recently terminated employees?
Immediately
True or False: A visitor with a badge may enter a sensitive area unescorted.
False, visitors must be escorted at all times.
Protection of keys used for encryption of cardholder data against disclosure must include at least: (4 items)