PCI-DSS ISA Exam 2023 Questions and Answers Graded A+.
Perimeter firewalls must be installed ______. - ANSWER: between all wireless networks and the cardholder data environment (CDE).
Where should firewalls be installed? - ANSWER: at each Internet connection and between any DMZ and the internal network zone.
Firewall and router rule sets must be reviewed at least every ______. - ANSWER: six months.
If disk encryption is used, ______. - ANSWER: logical access to the encrypted data must be managed separately and independently of native operating system authentication and access control mechanisms (for example, not via local user account databases or general network login credentials).
Manual clear-text cryptographic key-management procedures must specify processes for ______. - ANSWER: split knowledge and dual control of keys.
What is considered Sensitive Authentication Data (SAD)? - ANSWER: the card verification value (CAV2/CVC2/CVV2/CID), together with full track data from the magnetic stripe or chip and PINs/PIN blocks. SAD must not be stored after authorization, even if encrypted.
When a PAN is displayed to an employee who does not need to see the full PAN, the minimum digits to be masked are all digits between the ______ and the ______. - ANSWER: first six; last four (the first six and last four digits are the maximum that may be displayed).
Regarding protection of PAN in transit: - ANSWER: PAN must be rendered unreadable, using strong cryptography and secure protocols, during transmission over open, public networks, including wireless networks.
Under Requirement 3.4, which methods may be used to render stored PAN unreadable? - ANSWER: one-way hashes based on strong cryptography (the hash must be of the entire PAN), truncation, index tokens and pads (with the pads securely stored), or strong cryptography with associated key-management processes. Hashing is one accepted option, not the only one; and where hashed and truncated versions of the same PAN exist in the environment, additional controls are required so the two cannot be correlated to reconstruct the PAN.
Weak security controls that should NOT be used: - ANSWER: WEP for wireless; SSL and early TLS (TLS 1.0 or earlier) for transport.
Per Requirement 5, anti-virus technology must be deployed ______. - ANSWER: on all system components commonly affected by malicious software (particularly personal computers and servers).
Key functions of an anti-virus program per Requirement 5: - ANSWER: 1) detect, 2) remove, 3) protect against all known types of malicious software.
Anti-virus solutions may be temporarily disabled only if ______. - ANSWER: there is a legitimate technical need, as authorized by management on a case-by-case basis.
Critical applicable vendor-supplied security patches must be installed within ______ of release. - ANSWER: one month.
All other applicable vendor-supplied security patches must be installed ______. - ANSWER: within an appropriate time frame (for example, within three months).
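The Requirement 3.3 masking rule and the Requirement 3.4 "render unreadable" options above are easy to get subtly wrong, so here is an added Python example (not part of the exam notes, and not PCI SSC code) that implements display masking, storage truncation and hashing of the entire PAN, and then shows the correlation weakness 3.4 warns about: with a truncated copy and an unkeyed hash of the same PAN, only the middle digits are unknown and the hash can be inverted by brute force. The PAN is a constructed test number, the HMAC key is a demo constant, and `recover_pan` assumes a 16-digit PAN.

```python
"""Added example (not part of the exam notes): PCI DSS v3.2.1 Req 3.3 display
masking and Req 3.4 rendering a stored PAN unreadable, plus the correlation
weakness that 3.4 warns about.  The PAN is a constructed test number."""
import hashlib
import hmac
from typing import Optional

# Constructed sample: a standard test PAN, not a real cardholder's card.
SAMPLE_PAN = "4111111111111111"
# Constructed demo key.  A real key is managed under Req 3.5/3.6
# (split knowledge, dual control) and is never hard-coded like this.
DEMO_HASH_KEY = b"demo-only-hmac-key"


def luhn_ok(pan: str) -> bool:
    """Luhn check-digit test: every real PAN passes, nine out of ten random
    digit strings fail, which is what makes the brute force below cheap."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan_for_display(pan: str) -> str:
    """Req 3.3: when the viewer has no business need for the full PAN, show at
    most the first six and last four digits; everything between is masked."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        raise ValueError("not a PAN-shaped value")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def truncate_pan(pan: str) -> str:
    """Req 3.4 truncation for storage: the middle digits are discarded, not
    hidden, so nothing can expand the stored value back into the PAN."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        raise ValueError("not a PAN-shaped value")
    return pan[:6] + pan[-4:]


def hash_pan_unkeyed(pan: str) -> str:
    """One-way hash of the ENTIRE PAN (3.4 forbids hashing only part of it).
    Unkeyed: kept here only to show why that alone is not enough."""
    return hashlib.sha256(pan.encode()).hexdigest()


def hash_pan_keyed(pan: str, key: bytes) -> str:
    """Keyed one-way hash (HMAC-SHA256) of the entire PAN.  Without the key an
    attacker cannot recompute digests, so the brute force below fails; PCI DSS
    v4.0 made keyed hashing mandatory for this method."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def recover_pan(truncated: str, unkeyed_digest: str) -> Optional[str]:
    """The 3.4 correlation problem (assumes a 16-digit PAN): if a truncated
    copy and an unkeyed hash of the same PAN both exist, only six middle digits
    are unknown, i.e. 10**6 candidates, so the 'unreadable' hash is inverted."""
    first6, last4 = truncated[:6], truncated[6:]
    for middle in range(10 ** 6):
        candidate = f"{first6}{middle:06d}{last4}"
        if luhn_ok(candidate) and hash_pan_unkeyed(candidate) == unkeyed_digest:
            return candidate
    return None


if __name__ == "__main__":
    print("display :", mask_pan_for_display(SAMPLE_PAN))
    print("stored  :", truncate_pan(SAMPLE_PAN))
    print("unkeyed :", hash_pan_unkeyed(SAMPLE_PAN))
    print("keyed   :", hash_pan_keyed(SAMPLE_PAN, DEMO_HASH_KEY))
    print("recovered from truncation + unkeyed hash:",
          recover_pan(truncate_pan(SAMPLE_PAN), hash_pan_unkeyed(SAMPLE_PAN)))
```

Running the script recovers the full PAN from the truncated value plus the unkeyed digest in well under a minute; the same search against the keyed digest returns nothing because the attacker cannot compute candidate digests without the key. That is the practical reason to treat "hash of the entire PAN" as the minimum, to key the hash, and to keep truncated and hashed forms of one PAN from coexisting without compensating controls.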
When assessing Requirement 6.5, testing to verify that secure coding techniques are in place to address common coding vulnerabilities includes: - ANSWER: reviewing software development policies and procedures, and verifying that developers are trained in secure coding techniques.
Requirement 7 restricts access by: - ANSWER: need to know and least privilege.
Inactive user accounts over ______ days must be removed or disabled. - ANSWER: 90 days.
To verify the user access termination policy, an ISA selects a sample of users terminated in the past ______ months and reviews current user access lists, for both local and remote access, to verify that their IDs have been deactivated or removed. - ANSWER: six months.
How many failed logon attempts are allowed before the account is temporarily locked out? - ANSWER: not more than six.
Once locked out, the account remains locked for a minimum of ______ or until a system administrator resets it. - ANSWER: 30 minutes.
System/session idle timeout must be set to ______ minutes or less. - ANSWER: 15 minutes.
What are the methods to authenticate users? - ANSWER: "something you know", such as a
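The Requirement 8 thresholds above (six attempts, 30-minute lock, 15-minute idle timeout, 90-day inactivity) and the 8.1.3 terminated-user test procedure are the kind of thing an ISA has to recognise in a system's behaviour, not just in its policy document. Here is an added Python example (not from the exam notes, and not any vendor's code) of a hypothetical authentication service that enforces those thresholds, plus the access-list check an ISA performs on a sample of users terminated in the past six months. The users, passwords and dates are constructed; the plaintext credential dictionary is for the demo only.

```python
"""Added example (not part of the exam notes): a hypothetical authentication
service enforcing the PCI DSS v3.2.1 Req 8 thresholds, plus the 8.1.3
terminated-user check an ISA performs.  All users and dates are constructed."""
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

MAX_FAILED_ATTEMPTS = 6                          # 8.1.6: lock after not more than six
LOCKOUT_DURATION = timedelta(minutes=30)         # 8.1.7: locked at least 30 minutes
IDLE_TIMEOUT = timedelta(minutes=15)             # 8.1.8: re-authenticate after 15 idle
INACTIVE_AFTER = timedelta(days=90)              # 8.1.4: remove/disable within 90 days
TERMINATION_SAMPLE_WINDOW = timedelta(days=183)  # 8.1.3 test: "past six months"


@dataclass
class Account:
    user_id: str
    created: datetime
    enabled: bool = True
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None
    last_login: Optional[datetime] = None
    last_activity: Optional[datetime] = None


class AuthPolicy:
    """Credentials are a constructed plaintext dict for the demo only; a real
    system stores salted password hashes (Req 8.2.1)."""

    def __init__(self, credentials: Dict[str, str], created: datetime):
        self._credentials = credentials
        self.accounts = {u: Account(u, created) for u in credentials}

    def _locked(self, acct: Account, now: datetime) -> bool:
        return acct.locked_until is not None and now < acct.locked_until

    def login(self, user: str, password: str, now: datetime) -> str:
        acct = self.accounts.get(user)
        if acct is None or not acct.enabled:
            return "denied"  # same result as a bad password: no user enumeration
        if self._locked(acct, now):
            return "locked"  # right password or wrong, the lock holds
        if not hmac.compare_digest(password.encode(), self._credentials[user].encode()):
            acct.failed_attempts += 1
            if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
                acct.locked_until = now + LOCKOUT_DURATION
                return "locked"
            return "denied"
        acct.failed_attempts = 0
        acct.locked_until = None
        acct.last_login = acct.last_activity = now
        return "ok"

    def admin_unlock(self, user: str) -> None:
        """8.1.7 also allows an administrator to reset the lock early."""
        self.accounts[user].locked_until = None
        self.accounts[user].failed_attempts = 0

    def session_valid(self, user: str, now: datetime) -> bool:
        """Returns False (and ends the session) once idle time exceeds 15 minutes."""
        acct = self.accounts[user]
        if acct.last_activity is None or now - acct.last_activity > IDLE_TIMEOUT:
            acct.last_activity = None
            return False
        acct.last_activity = now
        return True

    def disable_inactive(self, now: datetime) -> List[str]:
        """Disables every enabled account with no login in 90 days; an account
        never used since creation counts from its creation date."""
        disabled = []
        for acct in self.accounts.values():
            last_seen = acct.last_login or acct.created
            if acct.enabled and now - last_seen > INACTIVE_AFTER:
                acct.enabled = False
                disabled.append(acct.user_id)
        return disabled


def terminated_users_with_access(terminated: Dict[str, datetime],
                                 access_lists: Dict[str, List[str]],
                                 now: datetime) -> Dict[str, List[str]]:
    """8.1.3 test procedure: sample users terminated in the past six months and
    check every local and remote access list; any remaining entry is a finding."""
    findings = {}
    for user, when in terminated.items():
        if now - when > TERMINATION_SAMPLE_WINDOW:
            continue  # outside the sample window
        where = [name for name, members in access_lists.items() if user in members]
        if where:
            findings[user] = where
    return findings


def run_scenario() -> Dict[str, object]:
    """Constructed walk-through: six bad passwords, the lock, expiry, idle timeout,
    inactivity disabling, and a termination audit with one finding."""
    t0 = datetime(2023, 7, 22, 9, 0)
    svc = AuthPolicy({"alice": "correct horse", "bob": "hunter2"}, created=t0 - timedelta(days=100))
    r: Dict[str, object] = {}
    r["first_five"] = [svc.login("alice", "wrong", t0 + timedelta(seconds=i)) for i in range(5)]
    r["sixth"] = svc.login("alice", "wrong", t0 + timedelta(seconds=5))
    r["right_pw_while_locked"] = svc.login("alice", "correct horse", t0 + timedelta(minutes=10))
    r["after_31_min"] = svc.login("alice", "correct horse", t0 + timedelta(minutes=31))
    r["session_9_min_idle"] = svc.session_valid("alice", t0 + timedelta(minutes=40))
    r["session_16_min_idle"] = svc.session_valid("alice", t0 + timedelta(minutes=56))
    r["unknown_user"] = svc.login("nobody", "x", t0)
    r["disabled_inactive"] = svc.disable_inactive(t0 + timedelta(hours=1))
    r["disabled_user_login"] = svc.login("bob", "hunter2", t0 + timedelta(hours=2))
    r["termination_findings"] = terminated_users_with_access(
        {"carol": t0 - timedelta(days=30), "dave": t0 - timedelta(days=400)},
        {"vpn": ["alice", "carol"], "local-admins": ["carol"], "db": ["dave"]}, t0)
    return r
```

Two details matter when assessing a real system against these numbers: a correct password presented during the lock window must still be refused (otherwise the lock only slows down an attacker who already has the password), and a never-used account must age from its creation date, or it never becomes "inactive". In the scenario, "dave" is ignored by the termination audit only because his termination falls outside the six-month sampling window, not because his lingering `db` entry is acceptable.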
Document information
- Uploaded on
- July 22, 2023
- Number of pages
- 5
- Written in
- 2022/2023
- Type
- Exam (elaborations)
- Contains
- Questions & answers