and Correct Answers | Certification Prep
1. QSAs must retain work papers for a minimum of ____ years. It is a recommendation for ISAs to do the same.: 3
2. According to PCI DSS Requirement 1, firewall and router rule sets need to be reviewed every ____ months.: 6
3. At least ____ and prior to the annual assessment, the assessed entity:
- Identifies all locations and flows of cardholder data to verify they are included in the CDE
- Confirms the accuracy of their PCI DSS scope
- Retains their scoping documentation for assessor reference: annually
4. Scope includes: people, processes, technology
5. Evidence Retention: It is recommended that the ISA secure and maintain digital and/or hard copies of case logs, audit results and work papers, notes, and any technical information that was created and/or obtained during the PCI Data Security Assessment for a minimum of ____ or as applicable to company data retention policies: three (3) years
6. A ____ (time) process for identifying and securely deleting stored cardholder data that exceeds defined retention requirements.: quarterly
7. Do not store SAD after ____ (even if encrypted). (full track data / CVC / PIN): authorization
8. Manual clear-text key-management procedures specify processes for the use of the following: split knowledge, dual control
9. Dual control: at least two people are required to perform any key-management operation, and no one person has access to the authentication materials (for example, passwords or keys) of another
10. Split knowledge: key components are under the control of at least two people who only have knowledge of their own key components
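Added illustration for cards 9 and 10, not material from the exam, the PCI SSC or any vendor: the XOR-component scheme commonly used for manual clear-text key loading, in Python. Each custodian holds one full-length random component and the key is the XOR of all of them; the function names, the 16-byte test key, and the use of a truncated SHA-256 in place of a real encrypt-zeros check value are this example's own assumptions.

```python
"""Split knowledge and dual control for a clear-text key, using XOR key components.

Added illustration; not PCI SSC material. Assumes the common scheme in which
the working key is the XOR of full-length components, one per custodian.
"""
import hashlib
import secrets
from typing import List, Sequence


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("components must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_components(key_len: int, custodians: int) -> List[bytes]:
    """Split knowledge: one independent, uniformly random component per custodian.

    The key is defined as the XOR of all components. Because every component is
    drawn independently from the CSPRNG, any proper subset of them is
    statistically independent of the key: a custodian, or an attacker who has
    compromised one custodian, learns nothing about the key from what they hold.
    """
    if custodians < 2:
        raise ValueError("split knowledge requires at least two custodians")
    if key_len <= 0:
        raise ValueError("key length must be positive")
    return [secrets.token_bytes(key_len) for _ in range(custodians)]


def dual_control_satisfied(components: Sequence[bytes], required: int) -> bool:
    """True only when at least `required` distinct custodians have presented a component."""
    return len(components) >= required and required >= 2


def combine_components(components: Sequence[bytes], required: int) -> bytes:
    """Dual control: form the key only when every required component is presented.

    In a real key ceremony each custodian enters their own component into the
    HSM or key-loading device in turn; here the gate is the count check above.
    """
    if not dual_control_satisfied(components, required):
        raise PermissionError(
            f"dual control violated: {required} components required, {len(components)} supplied"
        )
    key = bytes(len(components[0]))
    for component in components:
        key = xor_bytes(key, component)
    return key


def key_fingerprint(key: bytes) -> str:
    """Short check value custodians can compare to confirm they combined correctly.

    A production KCV is normally computed by encrypting a block of zeros with the
    key; a truncated SHA-256 stands in here so the example needs no cipher
    library. This substitution is an assumption of the example, not of PCI DSS.
    """
    return hashlib.sha256(key).hexdigest()[:6]


def key_if_missing_component_were(known: Sequence[bytes], guess: bytes) -> bytes:
    """What a holder of `known` components obtains by guessing the component they lack.

    Every guess yields a well-formed key, so the held components give no way to
    tell a right guess from a wrong one; that is exactly what split knowledge buys.
    """
    return combine_components(list(known) + [guess], len(known) + 1)


if __name__ == "__main__":
    # Constructed two-custodian ceremony for a 16-byte key.
    custodian_a, custodian_b = generate_components(16, 2)
    key = combine_components([custodian_a, custodian_b], required=2)
    print("key check value:", key_fingerprint(key))
    try:
        combine_components([custodian_a], required=2)
    except PermissionError as exc:
        print("single custodian blocked:", exc)
```

Run it as a script to see a ceremony succeed with two custodians and fail with one; the demonstration that one component leaks nothing is `key_if_missing_component_were`, which returns a different but equally plausible key for every guess at the missing component.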