PCI-DSS ISA Exam Questions And Answers
External vulnerability scans must be run by ____________ and
perform ________________. - Correct Answer ✔ ✔ an ASV;
quarterly
For external scans, no vulnerabilities exist that are scored
_____________ by the CVSS. - Correct Answer ✔ ✔ 4.0 or higher
Penetration testing for "Service Provider" in which targeting
segmentation controls must be perform every __________________. -
Correct Answer ✔ ✔ 6 months
FIM tools must be configured to perform critical file comparisons
check at least_______________, - Correct Answer ✔ ✔ weekly
A retail location that does not use wireless devices in store must test
for the presence of unauthorized wireless devices every
________________. - Correct Answer ✔ ✔ quarter
, Verify that personnel attend security awareness training upon hire
and at least___________________. - Correct Answer ✔ ✔
annually
Appendix A1 applies to - Correct Answer ✔ ✔ hosting providers
Appendix A2 applies to - Correct Answer ✔ ✔ entities using
SSL/Early TLS
Appendix A3 applies to - Correct Answer ✔ ✔ Designated Entities
Supplemental Validation (DESV)
An entity is required to undergo an assessment according to this
Appendix ONLY if instructed to do so by
an acquirer or a payment brand.
Designated entities (DESV) must document and confirm the accuracy
of PCI DSS scope at least_________ and upon significant changes to
the in-scope environment. - Correct Answer ✔ ✔ quarterly
External vulnerability scans must be run by ____________ and
perform ________________. - Correct Answer ✔ ✔ an ASV;
quarterly
For external scans, no vulnerabilities exist that are scored
_____________ by the CVSS. - Correct Answer ✔ ✔ 4.0 or higher
Penetration testing for "Service Provider" in which targeting
segmentation controls must be perform every __________________. -
Correct Answer ✔ ✔ 6 months
FIM tools must be configured to perform critical file comparisons
check at least_______________, - Correct Answer ✔ ✔ weekly
A retail location that does not use wireless devices in store must test
for the presence of unauthorized wireless devices every
________________. - Correct Answer ✔ ✔ quarter
, Verify that personnel attend security awareness training upon hire
and at least___________________. - Correct Answer ✔ ✔
annually
Appendix A1 applies to - Correct Answer ✔ ✔ hosting providers
Appendix A2 applies to - Correct Answer ✔ ✔ entities using
SSL/Early TLS
Appendix A3 applies to - Correct Answer ✔ ✔ Designated Entities
Supplemental Validation (DESV)
An entity is required to undergo an assessment according to this
Appendix ONLY if instructed to do so by
an acquirer or a payment brand.
Designated entities (DESV) must document and confirm the accuracy
of PCI DSS scope at least_________ and upon significant changes to
the in-scope environment. - Correct Answer ✔ ✔ quarterly
