PCI-DSS Medium Test Questions
Review logs and security events for all system components to identify
anomalies or suspicious activity. - Correct Answer ✔ ✔ 10.6
Retain audit trail history for at least one year, with a minimum of
three months immediately available for analysis (for example, online,
archived, or restorable from backup). - Correct Answer ✔ ✔ 10.7
Ensure that security policies and operational procedures for
monitoring all access to network resources and cardholder data are
documented, in use, and known to all affected parties. - Correct
Answer ✔ ✔ 10.8
Implement processes to test for the presence of wireless access points
(802.11), and detect and identify all authorized and unauthorized
wireless access points on a quarterly basis. - Correct Answer ✔ ✔
11.1
,Run internal and external network vulnerability scans at least
quarterly and after any significant change in the network (such as new
system component installations, changes in network topology,
firewall rule modifications, product upgrades). - Correct Answer ✔
✔ 11.2
Implement a methodology for penetration testing. - Correct Answer
✔ ✔ 11.3
Use intrusion-detection and/or intrusion-prevention techniques to
detect and/or prevent intrusions into the network. Monitor all traffic
at the perimeter of the cardholder data environment as well as at
critical points in the cardholder data environment, and alert
personnel to suspected compromises. - Correct Answer ✔ ✔ 11.4
Deploy a change-detection mechanism (for example, file-integrity
monitoring tools) to alert personnel to unauthorized modification
(including changes, additions, and deletions) of critical system files,
configuration files, or content files; and configure the software to
, perform critical file comparisons at least weekly. - Correct Answer
✔ ✔ 11.5
Ensure that security policies and operational procedures for security
monitoring and testing are documented, in use, and known to all
affected parties. - Correct Answer ✔ ✔ 11.6
Establish, publish, maintain, and disseminate a security policy. -
Correct Answer ✔ ✔ 12.1
Implement a risk-assessment process - Correct Answer ✔ ✔ 12.2
Develop usage policies for critical technologies and define proper use
of these technologies. - Correct Answer ✔ ✔ 12.3
Ensure that the security policy and procedures clearly define
information security responsibilities for all personnel. - Correct
Answer ✔ ✔ 12.4
Assign to an individual or team information security management
responsibilities. - Correct Answer ✔ ✔ 12.5
Review logs and security events for all system components to identify
anomalies or suspicious activity. - Correct Answer ✔ ✔ 10.6
Retain audit trail history for at least one year, with a minimum of
three months immediately available for analysis (for example, online,
archived, or restorable from backup). - Correct Answer ✔ ✔ 10.7
Ensure that security policies and operational procedures for
monitoring all access to network resources and cardholder data are
documented, in use, and known to all affected parties. - Correct
Answer ✔ ✔ 10.8
Implement processes to test for the presence of wireless access points
(802.11), and detect and identify all authorized and unauthorized
wireless access points on a quarterly basis. - Correct Answer ✔ ✔
11.1
,Run internal and external network vulnerability scans at least
quarterly and after any significant change in the network (such as new
system component installations, changes in network topology,
firewall rule modifications, product upgrades). - Correct Answer ✔
✔ 11.2
Implement a methodology for penetration testing. - Correct Answer
✔ ✔ 11.3
Use intrusion-detection and/or intrusion-prevention techniques to
detect and/or prevent intrusions into the network. Monitor all traffic
at the perimeter of the cardholder data environment as well as at
critical points in the cardholder data environment, and alert
personnel to suspected compromises. - Correct Answer ✔ ✔ 11.4
Deploy a change-detection mechanism (for example, file-integrity
monitoring tools) to alert personnel to unauthorized modification
(including changes, additions, and deletions) of critical system files,
configuration files, or content files; and configure the software to
, perform critical file comparisons at least weekly. - Correct Answer
✔ ✔ 11.5
Ensure that security policies and operational procedures for security
monitoring and testing are documented, in use, and known to all
affected parties. - Correct Answer ✔ ✔ 11.6
Establish, publish, maintain, and disseminate a security policy. -
Correct Answer ✔ ✔ 12.1
Implement a risk-assessment process - Correct Answer ✔ ✔ 12.2
Develop usage policies for critical technologies and define proper use
of these technologies. - Correct Answer ✔ ✔ 12.3
Ensure that the security policy and procedures clearly define
information security responsibilities for all personnel. - Correct
Answer ✔ ✔ 12.4
Assign to an individual or team information security management
responsibilities. - Correct Answer ✔ ✔ 12.5
