PCI DSS Exam Questions and Answers, Exams of Physical Activity and Sport Sciences

A collection of questions and answers related to the payment card industry data security standard (pci dss). It covers various aspects of pci dss compliance, including data security, network security, vulnerability management, access control, and more. Useful for individuals preparing for pci dss exams or seeking to understand the key requirements of the standard.

Typology: Exams

2024/2025

Available from 01/13/2025

ProfGoodluck 🇺🇸
PCI ISA Exam (100 out of 100) Questions and Answers (Latest Update) Download To Score An A


QSAs must retain work papers for a minimum of _______ years. It is a recommendation for ISAs to do the same.
3

According to PCI DSS Requirement 1, firewall and router rule sets need to be reviewed every _____ months.
6

At least ______________ and prior to the annual assessment the assessed entity:
  • Identifies all locations and flows of cardholder data to verify they are included in the CDE
  • Confirms the accuracy of their PCI DSS scope
  • Retains their scoping documentation for assessor reference
annually

Scope includes what?
people, processes, technology

Evidence Retention
It is recommended that the ISA secure and maintain digital and/or hard copies of case logs, audit results and work papers, notes, and any technical information that was created and/or obtained during the PCI Data Security Assessment for a minimum of ________ or as applicable to company data retention policies.

three (3) years

A ______ process for identifying and securely deleting stored cardholder data that exceeds defined retention requirements.
quarterly

Do not store SAD (full track data, card verification code/CVC, PIN) after ____________, even if encrypted.
authorization

Manual clear-text key-management procedures must specify processes for the use of the following:
split knowledge and dual control

Dual control
At least two people are required to perform any key-management operation, and no one person has access to the authentication materials (for example, passwords or keys) of another.

Split knowledge
Key components are under the control of at least two people, who each know only their own key component.

PAN is rendered unreadable anywhere it is stored in which ways?
one-way hash based on strong cryptography, truncation, index tokens and pads, strong cryptography (encryption) with associated key management. Note that masking (Requirement 3.3) is a display control for the PAN, not a storage control, so it does not satisfy Requirement 3.4.
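The Requirement 3 controls above in working code, as an added example that is not part of the study sheet: a clear-text key split into XOR components so that each custodian holds only one (split knowledge) and the key can only be rebuilt when every component is presented (dual control), followed by the Requirement 3.4 methods for stored PAN (hash, truncation, index token) with masking shown separately as the display-only control it is. All keys, PANs and the in-memory token vault are constructed test data; strong cryptography is omitted only because the standard library ships no authenticated cipher.

```python
"""Requirement 3 controls as an added example (constructed keys and PANs)."""
import hashlib
import hmac
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, custodians: int) -> list[bytes]:
    """Split knowledge: return one component per custodian.

    All components but the last are uniformly random; the last is the key XORed
    with all of them.  Any subset smaller than the full set is statistically
    independent of the key, so a custodian holding one component learns nothing.
    """
    if custodians < 2:
        raise ValueError("split knowledge needs at least two custodians")
    parts = [secrets.token_bytes(len(key)) for _ in range(custodians - 1)]
    last = key
    for p in parts:
        last = xor_bytes(last, p)
    return parts + [last]


def combine_key(components: list[bytes], custodians: int) -> bytes:
    """Dual control: reconstruction is refused unless every custodian's
    component is presented; no single person can rebuild the key alone."""
    if len(components) != custodians:
        raise PermissionError(
            f"{custodians} components required, {len(components)} presented")
    key = bytes(len(components[0]))
    for c in components:
        key = xor_bytes(key, c)
    return key


# --- Rendering PAN unreadable wherever it is stored (Requirement 3.4) ------

def truncate_pan(pan: str) -> str:
    """Truncation: at most the first six and last four digits are retained.
    The middle digits are discarded, not hidden."""
    return pan[:6] + pan[-4:]


def hash_pan(pan: str, secret: bytes) -> str:
    """One-way hash.  A keyed hash (HMAC) is used because a plain SHA-256 of a
    PAN can be brute-forced from the few candidates a truncated PAN leaves."""
    return hmac.new(secret, pan.encode(), hashlib.sha256).hexdigest()


def tokenize_pan(pan: str, vault: dict[str, str]) -> str:
    """Index token: a random surrogate is stored in place of the PAN; the
    token-to-PAN mapping lives only in the separately protected vault."""
    token = secrets.token_hex(8)
    vault[token] = pan
    return token


def mask_pan(pan: str) -> str:
    """Masking is a DISPLAY control (Requirement 3.3): the full PAN still exists
    behind the mask, so this is not a way of rendering stored PAN unreadable."""
    return pan[:6] + "X" * (len(pan) - 10) + pan[-4:]


if __name__ == "__main__":
    key = secrets.token_bytes(16)          # constructed clear-text key
    components = split_key(key, 2)         # one component per custodian
    assert combine_key(components, 2) == key
    print("truncated:", truncate_pan("4111111111111111"))
    print("masked:   ", mask_pan("4111111111111111"))
```

The split is XOR-based rather than a threshold scheme on purpose: PCI DSS wants every custodian present for the operation (dual control), and XOR components give that property with no arithmetic to get wrong.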

(the questions for the next two answers fall outside the preview)
annually and after any changes
all the time

Observe user accounts to verify that any inactive accounts over __________ are either removed or disabled.
90 days old

For a sample of system components, inspect system configuration settings to verify that authentication parameters are set to require that user accounts be locked out after not more than ___________ invalid logon attempts.
6

Once a user account is locked out, it remains locked for a minimum of _____________ or ____________.
30 minutes, or until a system administrator resets the account

Idle time-out features have been set to ________.
15 minutes or less

For a sample of system components, inspect system configuration settings to verify that user password/passphrase parameters are set to require users to change passwords at least once every ______.
90 days
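The Requirement 8 testing procedures above ("inspect system configuration settings to verify ...") turned into a checker, as an added example that is not part of the study sheet. It assumes a Linux host whose settings live in pam_faillock's faillock.conf, shadow's login.defs, a pam_pwhistory line and a shell-profile TMOUT, plus a "days since last login" list of the kind lastlog gives you; the two host profiles (one weak, one corrected) are constructed, and the defaults used for unset values are pam_faillock's and shadow's documented ones.

```python
"""Audit Requirement 8 authentication parameters (added example, constructed data)."""
import re

# Thresholds from PCI DSS v3.2.1 Requirement 8 as quoted on the sheet
MAX_FAILED_ATTEMPTS = 6        # 8.1.6: lock out after not more than six attempts
MIN_LOCKOUT_SECONDS = 30 * 60  # 8.1.7: locked for 30 minutes or until an admin resets
MAX_IDLE_SECONDS = 15 * 60     # 8.1.8: idle time-out of 15 minutes or less
MAX_PASSWORD_AGE_DAYS = 90     # 8.2.4: change at least every 90 days
MIN_HISTORY = 4                # 8.2.5: cannot reuse the last four
MAX_INACTIVE_DAYS = 90         # 8.1.4: remove/disable accounts inactive over 90 days


def parse_settings(text: str) -> dict[str, str]:
    """Parse 'key = value' and 'KEY value' lines; '#' comments are ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z_]+)\s*=?\s*(\S+)$", line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def audit_authentication(faillock, login_defs, pam_password, profile, lastlog):
    """Return one finding per control; lastlog is [(user, days_since_login)]."""
    fl, ld, pr = parse_settings(faillock), parse_settings(login_defs), parse_settings(profile)
    findings = []

    def check(req, ok, observed, required):
        findings.append({"req": req, "pass": ok, "observed": observed, "required": required})

    deny = int(fl.get("deny", 3))                 # pam_faillock default when unset
    check("8.1.6", deny <= MAX_FAILED_ATTEMPTS, f"deny={deny}", f"deny<={MAX_FAILED_ATTEMPTS}")

    unlock = int(fl.get("unlock_time", 600))      # default 600 s; 0 means only an admin can unlock
    check("8.1.7", unlock == 0 or unlock >= MIN_LOCKOUT_SECONDS,
          f"unlock_time={unlock}", f"unlock_time=0 or >={MIN_LOCKOUT_SECONDS}")

    tmout = int(pr.get("TMOUT", 0))               # unset/0 means no idle time-out at all
    check("8.1.8", 0 < tmout <= MAX_IDLE_SECONDS, f"TMOUT={tmout}", f"0<TMOUT<={MAX_IDLE_SECONDS}")

    max_days = int(ld.get("PASS_MAX_DAYS", 99999))  # shadow default: effectively never expires
    check("8.2.4", max_days <= MAX_PASSWORD_AGE_DAYS,
          f"PASS_MAX_DAYS={max_days}", f"PASS_MAX_DAYS<={MAX_PASSWORD_AGE_DAYS}")

    m = re.search(r"pam_pwhistory\.so.*?\bremember=(\d+)", pam_password)
    remember = int(m.group(1)) if m else 0      # no pwhistory line means no history at all
    check("8.2.5", remember >= MIN_HISTORY, f"remember={remember}", f"remember>={MIN_HISTORY}")

    stale = [user for user, days in lastlog if days > MAX_INACTIVE_DAYS]
    check("8.1.4", not stale, f"inactive>{MAX_INACTIVE_DAYS}d: {stale}", "none")
    return findings


def failing(findings):
    return [f["req"] for f in findings if not f["pass"]]


# Constructed host profiles: the settings as found, and the corrected ones.
WEAK_HOST = dict(
    faillock="# constructed /etc/security/faillock.conf\ndeny = 10\nunlock_time = 600\n",
    login_defs="PASS_MAX_DAYS   180\nPASS_MIN_DAYS   1\n",
    pam_password="password  required  pam_pwhistory.so remember=2 use_authtok",
    profile="TMOUT=1800\n",
    lastlog=[("alice", 12), ("svc_backup", 140)],
)
HARDENED_HOST = dict(
    faillock="deny = 6\nunlock_time = 1800\n",
    login_defs="PASS_MAX_DAYS   90\nPASS_MIN_DAYS   1\n",
    pam_password="password  required  pam_pwhistory.so remember=4 use_authtok",
    profile="TMOUT=900\n",
    lastlog=[("alice", 12), ("svc_backup", 30)],
)

if __name__ == "__main__":
    for name, host in (("weak", WEAK_HOST), ("hardened", HARDENED_HOST)):
        print(name, "failing:", failing(audit_authentication(**host)))
```

Two caveats a practitioner will want: the checker reads whatever text you hand it, so on a real host feed it the effective configuration (for example after `authselect` or `pam-auth-update` has regenerated the PAM stack), and an unset `unlock_time` is reported against the pam_faillock default rather than passed silently.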

New passwords/passphrases cannot be the same as the ____________ previously used passwords/passphrases.
4 (the last four)

Verify that data from video cameras and/or access control mechanisms is reviewed, and that data is stored for ______________.
at least three months

Visitor log is retained for how long, and records what?
3 months; the visitor's name, the firm represented, and the escort

Verify that the storage location security is reviewed at least _________ to confirm that backup media storage is secure.
annually

Review media inventory logs to verify that logs are maintained and media inventories are performed at least _____________.
annually

Reviewing the following at least __________, either manually or via log tools:
(the list and the answer for this item fall outside the preview)

four / quarterly / 12-month period
(answer fragments whose question falls outside the preview)

Penetration testing is required when? How about service providers' segmentation controls?
at least annually and after any significant change; service providers must additionally test segmentation controls at least every six months and after any changes to them (internal and external vulnerability scans, by contrast, run quarterly and after significant changes)

IDS/IPS where?
at the perimeter of the CDE and at critical points inside the CDE

Perform critical file comparisons at least ___________.
weekly

Information security policy reviewed when?
annually and upon significant changes

Entities monitor their service providers' PCI DSS compliance status at least ________.
annually
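The weekly "critical file comparison" above is a file-integrity check: record a baseline of hashes and diff the live system against it. As an added example that is not part of the study sheet, the block below builds a throwaway directory with constructed configuration files, takes a baseline, then simulates a week of changes (a setting flipped, a PAM module dropped in, a file removed) and reports what moved; the paths and contents are constructed and the real baseline would of course live off-host or be signed, since an attacker who can edit the monitored file can edit a local hash list too.

```python
"""Critical file comparison (added example, constructed files in a temp dir)."""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root) -> dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    result = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            result[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return result


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify every difference between two snapshots."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in shared if baseline[k] != current[k]),
    }


def demo() -> dict[str, list[str]]:
    """Baseline a constructed /etc tree, mutate it, and return the comparison."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc" / "pam.d").mkdir(parents=True)
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "pam.d" / "sshd").write_text("auth required pam_faillock.so\n")
        baseline = snapshot(root)

        # "A week later": a hardening setting flipped, a permissive PAM module
        # appeared, and the sshd PAM stack is gone.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "etc" / "pam.d" / "common-auth").write_text("auth sufficient pam_permit.so\n")
        (root / "etc" / "pam.d" / "sshd").unlink()
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s} {paths}")
```

Hashing content rather than comparing mtimes is deliberate: `touch` and `cp -p` preserve timestamps, a SHA-256 does not lie.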

Incident response plan tested when?
annually

Service providers only: perform reviews at least _____ to confirm personnel are following security policies and operational procedures.
quarterly

Where POS POI terminals (and the SSL/TLS termination points to which they connect) use SSL and/or early TLS, the entity must either:
  • Confirm the devices are not susceptible to any known exploits for those protocols, or
  • Have a formal Risk Mitigation and Migration Plan in place

DESV: user accounts and access privileges are reviewed at least every _________.
six months

PCI DSS requirements are applicable wherever _______________ is stored, processed, or transmitted.
PAN or SAD

Which track contains all fields of both Track 1 and Track 2?
Track 1 (length up to 79 characters)

What about Track 2?
Provides shorter processing time for older dial-up transmissions
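Two items on this sheet meet in practice: "do not store SAD after authorization" and the Track 1 / Track 2 formats. The checker below, an added example that is not part of the study sheet, scans constructed log lines for full track data (which is SAD and must never be stored) and for bare PANs (which may be stored only if rendered unreadable), using the ISO/IEC 7813 track layouts (Track 1 `%B<PAN>^<name>^<YYMM><service code>...?`, Track 2 `;<PAN>=<YYMM><service code>...?`) and a Luhn check to keep order numbers out of the findings. The log lines and card numbers are constructed test values, and the scanner deliberately reports only the last four digits so that the detection tool does not itself become a store of cardholder data.

```python
"""Scan log lines for stored track data (SAD) and bare PANs (added example)."""
import re

# ISO/IEC 7813 track layouts as they appear in swipe data
TRACK1 = re.compile(r"%B(\d{13,19})\^([^^?]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
TRACK2 = re.compile(r";(\d{13,19})=(\d{4})(\d{3})([^?]*)\?")
DIGIT_RUN = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit validation; filters most non-PAN digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_line(line: str) -> list[dict]:
    """Return findings for one line; each carries only the PAN's last four."""
    findings = []
    for m in TRACK1.finditer(line):
        findings.append({"kind": "track1", "sad": True, "last4": m.group(1)[-4:],
                         "luhn": luhn_ok(m.group(1))})
    for m in TRACK2.finditer(line):
        findings.append({"kind": "track2", "sad": True, "last4": m.group(1)[-4:],
                         "luhn": luhn_ok(m.group(1))})
    # Strip the track matches before looking for bare PANs so each card is
    # reported once; a bare PAN is cardholder data but not SAD.
    rest = TRACK2.sub("", TRACK1.sub("", line))
    for m in DIGIT_RUN.finditer(rest):
        if luhn_ok(m.group(1)):
            findings.append({"kind": "pan", "sad": False, "last4": m.group(1)[-4:],
                             "luhn": True})
    return findings


def scan_log(lines: list[str]) -> list[tuple[int, dict]]:
    """(1-based line number, finding) for every hit across the log."""
    return [(n, f) for n, line in enumerate(lines, start=1) for f in scan_line(line)]


def sad_lines(lines: list[str]) -> list[int]:
    """Line numbers that hold SAD and must not exist post-authorization."""
    return sorted({n for n, f in scan_log(lines) if f["sad"]})


# Constructed log excerpt: a swipe logged verbatim, a Track 2 fallback, a
# settlement line with a bare PAN, and an order number that is not a card.
SAMPLE_LOG = [
    "2025-01-13T10:01:05Z pos01 auth req card=%B4111111111111111^DOE/JOHN^25121011234567890? amt=42.10",
    "2025-01-13T10:01:06Z pos01 fallback swipe ;5555555555554444=25121011234567890? amt=42.10",
    "2025-01-13T10:02:11Z gw settle pan=4111111111111111 auth=123456 result=00",
    "2025-01-13T10:03:00Z web order_id=1234567890123456 status=shipped",
]

if __name__ == "__main__":
    for n, f in scan_log(SAMPLE_LOG):
        print(f"line {n}: {f['kind']} ending {f['last4']} sad={f['sad']}")
    print("SAD on lines:", sad_lines(SAMPLE_LOG))
```

Lines 1 and 2 would be a Requirement 3.2 failure on their own: the service code and discretionary data after the expiry date are exactly the fields that must not be retained once the transaction is authorized, encrypted or not.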