PCI - ISA Exam V1 (New Update) | Questions
with Verified Answers | Grade A | 100% Correct
QSAs must retain work papers for a minimum of _______ years. It is a recommendation for
ISAs to do the same.
3
According to PCI DSS requirement 1, Firewall and router rule sets need to be reviewed every
_____ months.
6
At least ______________ and prior to the annual assessment the assessed entity:
- Identifies all locations and flows of cardholder data to verify they are included in the CDE
- Confirms the accuracy of their PCI DSS scope
- Retains their scoping documentation for assessor reference
annually
scope includes
ppl process, tech
Evidence Retention
It is recommended that the ISA secure and maintain digital and/or hard copies of case logs, audit
results and work papers, notes, and any technical information that was created and/or obtained
during the PCI Data Security Assessment for a minimum of ________ or as applicable to
company data retention policies
, PCI - ISA Exam V1 (New Update) | Questions
with Verified Answers | Grade A | 100% Correct
of three (3) years
A (time) ______ process for identifying and securely deleting stored cardholder data that exceeds
defined retention requirements.
quarterly
Do not store SAD after ____________ (even if encrypted). (track data / cvc / pin)
authorization
manual clear-text key-management procedures specify processes for the use of the following
Split knowledge.Dual control
Dual control
least two people are required to perform any key-management operations and no one person has
access to the authentication materials (for example, passwords or keys) of another
Split knowledge
key components are under the control of at least two people who only have knowledge of their
own key components
PAN is rendered unreadable in which ways
hash
with Verified Answers | Grade A | 100% Correct
QSAs must retain work papers for a minimum of _______ years. It is a recommendation for
ISAs to do the same.
3
According to PCI DSS requirement 1, Firewall and router rule sets need to be reviewed every
_____ months.
6
At least ______________ and prior to the annual assessment the assessed entity:
- Identifies all locations and flows of cardholder data to verify they are included in the CDE
- Confirms the accuracy of their PCI DSS scope
- Retains their scoping documentation for assessor reference
annually
scope includes
ppl process, tech
Evidence Retention
It is recommended that the ISA secure and maintain digital and/or hard copies of case logs, audit
results and work papers, notes, and any technical information that was created and/or obtained
during the PCI Data Security Assessment for a minimum of ________ or as applicable to
company data retention policies
, PCI - ISA Exam V1 (New Update) | Questions
with Verified Answers | Grade A | 100% Correct
of three (3) years
A (time) ______ process for identifying and securely deleting stored cardholder data that exceeds
defined retention requirements.
quarterly
Do not store SAD after ____________ (even if encrypted). (track data / cvc / pin)
authorization
manual clear-text key-management procedures specify processes for the use of the following
Split knowledge.Dual control
Dual control
least two people are required to perform any key-management operations and no one person has
access to the authentication materials (for example, passwords or keys) of another
Split knowledge
key components are under the control of at least two people who only have knowledge of their
own key components
PAN is rendered unreadable in which ways
hash
