PCI DSS Fundamentals Exam questions with correct answers

A Sustainable Compliance Program must: CORRECT ANSWER Be implemented into Business-as-usual (BAU) activities as part of the organizations overall security strategy. True or False: The driving objective behind all PCI DSS compliance activities is to attain a compliant report. CORRECT ANSWER False ongoing security of cardholder data is the driving objective which will lead to a compliant report Effective metrics program can provide useful data for: CORRECT ANSWER Allocation of resources to minimize risk occurrence and measure the business consequences of security events. Security Goals should include: CORRECT ANSWER Continuous monitoring, testing, documenting implementation, effectiveness, efficiency, impact, and status of controls and activities. Control-failure response processes should include: CORRECT ANSWER minimizing the impact of the incident, restoring controls, performing root-cause analysis and remediation, implementing hardening standards and enhancing monitoring. True or False: 3rd party providers are monitored by issuers CORRECT ANSWER False, Organizations should develop and implement processes to monitor the compliance status of its service providers to determine whether a change in status requires a change in the relationship.