External ASV scans are required to be performed:
a) Monthly
b) Quarterly
c) Every six months
d) Annually
Correct Answer: B
ASV scans must be performed quarterly.

Personnel must acknowledge at least ___________ that they have read and understood the security policy and procedures.
a) Once
b) Annually
c) Quarterly
d) Every six months
Correct Answer: B
Requirement 12.6 states that personnel must acknowledge that they have read the security policy at least annually.

When completing the ROC, how would you document a requirement that was not yet implemented?
a) "Not in Place"
b) "In Place"
c) "Not Applicable"
d) Leave response blank
Correct Answer: A
When completing a ROC for a PCI DSS assessment, the assessor must mark any requirement that is not yet in place as "Not in Place".

When completing a ROC for a PCI DSS assessment, the assessor:
a) Uses the ROC Reporting Template for all ROCs
b) Uses either their own template or the ROC Reporting Template
c) Uses the ROC Reporting Template only if the ROC is for a service provider
d) Creates their own ROC template for reporting
Correct Answer: A
When completing a ROC for a PCI DSS assessment, the assessor uses the ROC Reporting Template for all ROCs.

An Attestation of Compliance must be submitted ______________.
a) with all ROCs and SAQs
b) only if the entity is not compliant
c) only if the entity is compliant
d) only if a QSA performed the assessment
Correct Answer: A
An AOC must be submitted to the requesting entity with all ROCs and SAQs.

Which statement is true regarding the use of compensating controls?
a) Controls must be in place to ensure compensating controls remain effective after they've been assessed
b) Compensating controls cannot be changed once they have been implemented
c) Compensating controls do not need to be documented
d) Compensating controls increase the risk to the organization
Correct Answer: A