PCI ISA Flashcards 3.2.1|Exam Question and Answers

PCI ISA Flashcards 3.2.1|Exam Question and Answers For PCI DSS requirement 1, firewall and router rule sets need to be reviewed every _____________ months - Answer ️️ -6 months Non-console administrator access to any web-based management interfaces must be encrypted with technology such as......... - Answer ️️ -HTTPS Requirements 2.2.2 and 2.2.3 cover the use of secure services, protocols and daemons. Which of the following is considered to be secure? - Answer ️️ -SSH, TLS, IPSEC, VPN Which of the following is considered "Sensitive Authentication Data"? - Answer ️️ -Card Verification Value (CAV2/CVC2/CVV2/CID), Full Track Data, PIN/PIN Block True or False: It is acceptable for merchants to store Sensitive Authentication after authorization as long as it is strongly encrypted? - Answer ️️ -False When a PAN is displayed to an employee who does NOT need to see the full PAN, the minimum digits to be masked are: - Answer ️️ -All digits between the first six and last four Which of the following is true regarding protection of PAN? - Answer ️️ -PAN must be rendered unreadable during transmission over public, wireless networks Which of the following may be used to render PAN unreadable in order to meet requirement 3.4? - Answer ️️ -Hashing the entire PAN using strong cryptography, truncation, index tokens and pads with pads being securely stored, strong cryptography with associated key-management processes and procedures True or False Manual clear-text key-management procedures specify processes for the use of keys that are stored on production systems, use of split knowledge and dual control is required. - Answer ️️ -True When assessing requirement 6.5, testing to verify secure coding techniques are in place to address common coding vulnerabilities includes: - Answer ️️ -Examine software development policies and procedures to verify that up-to-date training in secure coding techniques is required for developers at least annually, based on industry best practices and guidance One of the principles to be used when granting user access to systems in CDE is: - Answer ️️ - Least privilege An example of a "one-way" cryptographic function used to render data unreadable is: - Answer ️️ -SHA-2 A set of cryptographic hash functions designed by the National Security Agency (NS). - Answer ️️ -SHA-2 (Secure Hash Algorithm Inactive user accounts should be either removed or disabled within___ - Answer ️️ -90 days True or False: Procedures must be developed to easily distinguish the difference between onsite personnel and visitors. - Answer ️️ -True When should access be revoked of recently terminated employees? - Answer ️️ -immediately True or False: A visitor with a badge may enter sensitive area unescorted. - Answer ️️ -False, visitors must be escorted at all times. Protection of keys used for encryption of cardholder data against disclosure must include at least: (4 items) - Answer ️️ -*Access to keys is restricted to the fewest number of custodians necessary *Key-encrypting keys are at least as strong as the data-encrypting keys they protect *Key encrypting keys are stored separately from data-encrypting keys *Keys are stored securely in the fewest possible locations Description of cryptographic architecture includes: - Answer ️️ -*Details of all algorithms, protocols, and keys used for the protection of cardholder data, including key strength and expiry date *Description of the key usage for each