ANSWERS (GRADED A)
1. Which of the following best describes the recommended process for
achieving the PCI DSS 11.2.2 external scanning requirement? - ANSWER-
A)Scan, Remediate, Report
2. Sensitive authentication data should never be: - ANSWER-B)Stored
3. PCI Security Standards Council is made up of: - ANSWER-A)Major Credit
Card Companies
4. The "stakeholder" that is required to hold the Scan Customer responsible
for compliance is: - ANSWER-D)QSA
5. A vulnerability scan report that was created using the PCI Scan Report
Template (in Qualys VM) will display each detected vulnerability, along with
its ______________. - ANSWER-A)PASS/FAIL status
17. The entity that does a full assessment of an organization, covering the
full Data Security Standard is: - ANSWER-B)Qualified Security Assessor
18. Which of the following is an option you can adjust with each PCI
compliance scan? (choose 2) - ANSWER-A)TCP ports
B)Target IPs
19. According to the PCI DSS, requests to review suspected "false positives"
must be resubmitted every ______ days. - ANSWER-A)90
6. PCI DSS 11.2.1 (internal scanning) requires the resolution of _________
vulnerabilities. - ANSWER-B)High-risk
7. When viewing vulnerability details from an external PCI scan, you can view
the following data (choose 3): - ANSWER-A)solution
B)results
D)threat
8. Which PCI DSS "Stakeholder" does Qualys represent? - ANSWER-
A)Approved Scanning Vendor (ASV)