PCI ISA EXAM BUNDLE DEAL
Perimeter firewalls installed ______________________________. - .....ANSWER... ✔✔ between all wireless networks and the CHD environment.
Where should firewalls be installed? - .....ANSWER... ✔✔ At each Internet connection and between any DMZ and the internal network.
Review of firewall and router rule sets at least every __________________. - .....ANSWER... ✔✔ 6 months
If disk encryption is used (rather than file- or column-level database encryption) - .....ANSWER... ✔✔ logical access must be managed separately and independently of native operating system authentication and access control mechanisms (for example, not using local user account databases or general network login credentials).
Manual clear-text key-management procedures specify processes for the use of the following: - .....ANSWER... ✔✔ Split knowledge AND dual control of keys
What is considered "Sensitive Authentication Data"? - .....ANSWER... ✔✔ Card verification value (CAV2/CVC2/CVV2/CID); full track data and PINs/PIN blocks are also SAD and must not be stored after authorization, even if encrypted.
When a PAN is displayed to an employee who does NOT need to see the full PAN, the minimum digits to be masked are: All digits between the ___________ and the __________. - .....ANSWER... ✔✔ first 6; last 4 (so at most the first six and last four digits are ever shown)
Regarding protection of PAN in transit... - .....ANSWER... ✔✔ PAN must be rendered unreadable (encrypted with strong cryptography) during transmission over open, public networks, including wireless networks that carry cardholder data.
Under requirement 3.4, which method is acceptable to render the PAN unreadable anywhere it is stored? - .....ANSWER... ✔✔ One-way hashing of the entire PAN using strong cryptography (the other acceptable methods are truncation, index tokens and pads, and strong cryptography with associated key-management processes and procedures)
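The masking rule and the 3.4 hashing method above, as an added worked example in Python (written for this page; it is not part of the exam bundle or any PCI SSC material). It assumes PANs of 13 to 19 digits, uses the well-known test numbers 4111111111111111 and 378282246310005 (not real cards) and a constructed 32-byte key. It also shows the point behind the note in requirement 3.4: an unkeyed hash of a PAN stored next to a masked or truncated copy of the same PAN is trivially reversed, because the masked copy leaves only the middle digits unknown and the Luhn check digit prunes the candidates further. The keyed variant (HMAC) has no such shortcut as long as the key is protected under requirements 3.5 and 3.6.

```python
"""Added example: PAN masking for display (3.3), keyed one-way hash of the
entire PAN for storage (3.4), and why an unkeyed hash must not coexist
with a masked/truncated copy of the same PAN. Not PCI SSC or exam-bundle code."""
import hashlib
import hmac
import re
from typing import Optional

# Assumption: PANs are 13 to 19 digits (typical range across card brands).
PAN_RE = re.compile(r"^\d{13,19}$")


def luhn_valid(pan: str) -> bool:
    """Luhn check-digit validation; used to sanity-check input and to prune
    the brute-force candidate space below."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str, mask_char: str = "*") -> str:
    """Display form for staff with no business need to see the full PAN:
    at most the first six and last four digits remain, every digit between
    them is replaced by mask_char."""
    if not PAN_RE.match(pan):
        raise ValueError("PAN must be 13-19 digits")
    return pan[:6] + mask_char * (len(pan) - 10) + pan[-4:]


def hash_pan(pan: str, key: bytes) -> str:
    """Render a stored PAN unreadable with a keyed one-way hash (HMAC-SHA256)
    over the ENTIRE PAN. The key is secret and belongs under the key-management
    controls of 3.5/3.6, never alongside the hashes it protects."""
    if not PAN_RE.match(pan):
        raise ValueError("PAN must be 13-19 digits")
    if len(key) < 32:
        raise ValueError("hash key must be at least 256 bits")
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def unkeyed_hash_pan(pan: str) -> str:
    """The weak variant: plain SHA-256 of the PAN with no secret involved."""
    return hashlib.sha256(pan.encode("ascii")).hexdigest()


def recover_from_masked(masked: str, target_hash: str) -> Optional[str]:
    """Given a masked PAN (first six and last four visible) and an unkeyed hash
    of the full PAN, enumerate the hidden middle digits. A 16-digit PAN has
    only 10**6 candidates, about a tenth of which pass the Luhn check."""
    hidden = len(masked) - 10
    prefix, suffix = masked[:6], masked[-4:]
    for middle in range(10 ** hidden):
        candidate = f"{prefix}{middle:0{hidden}d}{suffix}"
        if not luhn_valid(candidate):
            continue
        if unkeyed_hash_pan(candidate) == target_hash:
            return candidate
    return None


if __name__ == "__main__":
    demo_key = b"\x01" * 32            # constructed example key; never hard-code a real one
    pan = "4111111111111111"           # well-known test number, not a real card
    print("masked:", mask_pan(pan))
    print("keyed hash:", hash_pan(pan, demo_key))
    print("recovered from masked + unkeyed hash:",
          recover_from_masked(mask_pan(pan), unkeyed_hash_pan(pan)))
```

The brute force finishes in well under a second for a 16-digit PAN; with a 19-digit PAN it is still only 10**9 candidates, which is why the requirement's note treats hashed-plus-truncated storage of the same PAN as needing additional controls, and why a secret key (or a separate tokenization service) is the practical way to make the hash unlinkable.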
Weak security controls that should NOT be used - .....ANSWER... ✔✔ WEP, SSL, and early TLS (TLS 1.0 or earlier), none of which count as strong cryptography
Per requirement 5, anti-virus technology must be deployed _________________. - .....ANSWER... ✔✔ on all system components commonly affected by malicious software.
Key functions of an anti-virus program per Requirement 5: - .....ANSWER... ✔✔ 1) Detect 2) Remove 3) Protect (against all known types of malicious software)
Anti-virus solutions may be temporarily disabled only if - .....ANSWER... ✔✔ there is a legitimate technical need, as authorized by management on a case-by-case basis
When to install "critical" applicable vendor-supplied security patches? ---> within _________ of release. - .....ANSWER... ✔✔ 1 month
When to install other applicable vendor-supplied security patches? - .....ANSWER... ✔✔ within an appropriate time frame (for example, within three months).
When assessing requirement 6.5, testing to verify that secure coding techniques are in place to address common coding vulnerabilities includes: - .....ANSWER... ✔✔ Reviewing software development policies and procedures