PCI version 4.0 ISA Exam Questions and Answers (Most Recent Version, Complete Study Material)
Non-console administrator access to any web-based management interfaces must be encrypted with technology such as ......... - Correct Answers ✅HTTPS
Requirements 2.2.2 and 2.2.3 cover the use of secure services, protocols and daemons. Which of the following is considered to be secure? - Correct Answers ✅SSH
Which of the following is considered "Sensitive Authentication Data"? - Correct Answers ✅Card Verification Value (CAV2/CVC2/CVV2/CID), Full Track Data, PIN/PIN Block
True or False: It is acceptable for merchants to store Sensitive Authentication Data after authorization as long as it is strongly encrypted? - Correct Answers ✅False
When a PAN is displayed to an employee who does NOT need to see the full PAN, the minimum digits to be masked are - Correct Answers ✅All digits between the first six and last four
Which of the following is true regarding protection of PAN? - Correct Answers ✅PAN must be rendered unreadable during transmission over public, wireless networks
Which of the following may be used to render PAN unreadable in order to meet requirement 3.4? - Correct Answers ✅Hashing the entire PAN using strong cryptography
True or False: Where keys are stored on production systems, split knowledge and dual control is required? - Correct Answers ✅True
When assessing requirement 6.5, testing to verify secure coding techniques are in place to address common coding vulnerabilities includes - Correct Answers ✅Reviewing software development policies and procedures
One of the principles to be used when granting user access to systems in CDE is: - Correct Answers ✅Least privilege
An example of a "one-way" cryptographic function used to render data unreadable - Correct Answers ✅SHA-2
Keyed Cryptographic Hash - Correct Answers ✅A hashing function that incorporates a randomly generated secret key to provide brute force attack resistance and secret authentication integrity
Appropriate keyed cryptographic hashing algorithms include but are not limited to: - Correct Answers ✅HMAC, CMAC, and GMAC, with an effective cryptographic strength of at least 128-bits (NIST SP 800-131Ar2).
A set of cryptographic hash functions designed by the National Security Agency - Correct Answers ✅
True or False: Procedures must be developed to easily distinguish the difference between onsite personnel and visitors. - Correct Answers ✅True
When should access be revoked for recently terminated employees? - Correct Answers ✅immediately
True or False: A visitor with a badge may enter a sensitive area unescorted. - Correct Answers ✅False, visitors must be escorted at all times.
Protection of keys used for encryption of cardholder data against disclosure must