PCI ISA Exam Questions And Answers 100% Verified
Q: For PCI DSS requirement 1, firewall and router rule sets need to be reviewed every ______ months.
A: 6 months

Q: Non-console administrator access to any web-based management interfaces must be encrypted with technology such as ......... 
A: HTTPS

Q: Requirements 2.2.2 and 2.2.3 cover the use of secure services, protocols and daemons. Which of the following is considered to be secure?
A: SSH

Q: Which of the following is considered "Sensitive Authentication Data"?
A: Card Verification Value (CAV2/CVC2/CVV2/CID), Full Track Data, PIN/PIN Block

Q: True or False: It is acceptable for merchants to store Sensitive Authentication Data after authorization as long as it is strongly encrypted?
A: False

Q: When a PAN is displayed to an employee who does NOT need to see the full PAN, the minimum digits to be masked are:
A: All digits between the first six and last four

Q: Which of the following is true regarding protection of PAN?
A: PAN must be rendered unreadable during transmission over public, wireless networks

Q: Which of the following may be used to render PAN unreadable in order to meet requirement 3.4?
A: Hashing the entire PAN using strong cryptography

Q: True or False: Where keys are stored on production systems, split knowledge and dual control is required?
A: True

Q: When assessing requirement 6.5, testing to verify secure coding techniques are in place to address common coding vulnerabilities includes:
A: Reviewing software development policies and procedures

Q: One of the principles to be used when granting user access to systems in the CDE is:
A: Least privilege

Q: An example of a "one-way" cryptographic function used to render data unreadable is:
A: SHA-2

Q: A set of cryptographic hash functions designed by the National Security Agency (NSA).
A: SHA-2 (Secure Hash Algorithm)

Q: Inactive user accounts should be either removed or disabled within ___
A: 90 days

Q: True or False: Procedures must be developed to easily distinguish the difference between onsite personnel and visitors.
A: True

Q: When should access be revoked for recently terminated employees?
A: Immediately

Q: True or False: A visitor with a badge may enter a sensitive area unescorted.
A: False, visitors must be escorted at all times.

Q: Protection of keys used for encryption of cardholder data against disclosure must include at least: (4 items)
A:
- Access to keys is restricted to the fewest number of custodians necessary
- Key-encrypting keys are at least as strong as the data-encrypting keys they protect
- Key-encrypting keys are stored separately from data-encrypting keys
- Keys are stored securely in the fewest possible locations

Q: Description of cryptographic architecture includes:
A:
- Details of all algorithms, protocols, and keys used for the protection of cardholder data, including key strength and expiry date
- Description of the key usage for each key
- Inventory of any HSMs and other SCDs used for key management

Q: What 2 methods must NOT be used for disk-level encryption to be compliant?
A:
- Cannot use the same user account authenticator as the operating system
- Cannot use a decryption key that is associated with or derived from the system's local user account database or general network login credentials

Q: 6 months
A: DESV: User accounts and access privileges are reviewed at least every ______

Q: Track 1 (Length up to 79 characters)
A: Contains all fields of both Track 1 and Track 2

Q: Track 2 (Length up to 40 characters)
A: Provides shorter processing time for older dial-up transmissions.

Q: DESV
A: Designated Entities Supplemental Validation

Q: DESV Requirements:
A:
- Implementing a PCI DSS Compliance program
- Document and validate PCI DSS Scope
- Validate PCI DSS is incorporated into business-as-usual (BAU) activities
- Control and manage logical access to the cardholder data environment
Document information
- Uploaded on: May 22, 2024
- Number of pages: 8
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers