pci isa Exam Question & Answers
(Update 2025 )
QSAs must retain work papers for a minimum of _______
years. It is a recommendation for ISAs to do the same. -
CORRECT ANSWERS ✅3
According to PCI DSS requirement 1, Firewall and router
rule sets need to be reviewed every _____ months. -
CORRECT ANSWERS ✅6
At least ______________ and prior to the annual assessment
the assessed entity:
- Identifies all locations and flows of cardholder data to
verify they are included in the CDE
- Confirms the accuracy of their PCI DSS scope
- Retains their scoping documentation for assessor
reference - CORRECT ANSWERS ✅annually
scope includes - CORRECT ANSWERS ✅ppl process,
tech
Evidence Retention
It is recommended that the ISA secure and maintain
digital and/or hard copies of case logs, audit results and
, pci isa Exam Question & Answers
(Update 2025 )
work papers, notes, and any technical information that
was created and/or obtained during the PCI Data Security
Assessment for a minimum of ________ or as applicable to
company data retention policies - CORRECT ANSWERS
✅of three (3) years
A (time) ______ process for identifying and securely
deleting stored cardholder data that exceeds defined
retention requirements. - CORRECT ANSWERS
✅quarterly
Do not store SAD after ____________ (even if encrypted).
(track data / cvc / pin) - CORRECT ANSWERS
✅authorization
manual clear-text key-management procedures specify
processes for the use of the following - CORRECT
ANSWERS ✅Split knowledge.Dual control
Dual control - CORRECT ANSWERS ✅least two people
are required to perform any key-management operations
and no one person has access to the authentication
materials (for example, passwords or keys) of another
(Update 2025 )
QSAs must retain work papers for a minimum of _______
years. It is a recommendation for ISAs to do the same. -
CORRECT ANSWERS ✅3
According to PCI DSS requirement 1, Firewall and router
rule sets need to be reviewed every _____ months. -
CORRECT ANSWERS ✅6
At least ______________ and prior to the annual assessment
the assessed entity:
- Identifies all locations and flows of cardholder data to
verify they are included in the CDE
- Confirms the accuracy of their PCI DSS scope
- Retains their scoping documentation for assessor
reference - CORRECT ANSWERS ✅annually
scope includes - CORRECT ANSWERS ✅ppl process,
tech
Evidence Retention
It is recommended that the ISA secure and maintain
digital and/or hard copies of case logs, audit results and
, pci isa Exam Question & Answers
(Update 2025 )
work papers, notes, and any technical information that
was created and/or obtained during the PCI Data Security
Assessment for a minimum of ________ or as applicable to
company data retention policies - CORRECT ANSWERS
✅of three (3) years
A (time) ______ process for identifying and securely
deleting stored cardholder data that exceeds defined
retention requirements. - CORRECT ANSWERS
✅quarterly
Do not store SAD after ____________ (even if encrypted).
(track data / cvc / pin) - CORRECT ANSWERS
✅authorization
manual clear-text key-management procedures specify
processes for the use of the following - CORRECT
ANSWERS ✅Split knowledge.Dual control
Dual control - CORRECT ANSWERS ✅least two people
are required to perform any key-management operations
and no one person has access to the authentication
materials (for example, passwords or keys) of another
