PCI ISA Flashcards 3.2.1 Exam
Question & Answers 2025
Non-console administrator access to any web-based management interfaces must be encrypted with technology such as... - CORRECT ANSWERS ✔✔ HTTPS
Requirements 2.2.2 and 2.2.3 cover the use of secure services, protocols and daemons. Which of the following is considered to be secure? - CORRECT ANSWERS ✔✔ SSH
Which of the following is considered "Sensitive Authentication Data"? - CORRECT ANSWERS ✔✔ Card Verification Value (CAV2/CVC2/CVV2/CID), Full Track Data, PIN/PIN Block
True or False: It is acceptable for merchants to store Sensitive Authentication Data after authorization as long as it is strongly encrypted. - CORRECT ANSWERS ✔✔ False
When a PAN is displayed to an employee who does NOT need to see the full PAN, the minimum digits to be masked are: - CORRECT ANSWERS ✔✔ All digits between the first six and last four
Which of the following is true regarding protection of PAN? - CORRECT ANSWERS ✔✔ PAN must be rendered unreadable during transmission over public, wireless networks
Which of the following may be used to render PAN unreadable in order to meet requirement 3.4? - CORRECT ANSWERS ✔✔ Hashing the entire PAN using strong cryptography
True or False: Where keys are stored on production systems, split knowledge and dual control are required. - CORRECT ANSWERS ✔✔ True
When assessing requirement 6.5, testing to verify secure coding techniques are in place to address common coding vulnerabilities includes: - CORRECT ANSWERS ✔✔ Reviewing software development policies and procedures
One of the principles to be used when granting user access to systems in the CDE is: - CORRECT ANSWERS ✔✔ Least privilege
An example of a "one-way" cryptographic function used to render data unreadable is: - CORRECT ANSWERS ✔✔ SHA-2
A set of cryptographic hash functions designed by the National Security Agency (NSA). - CORRECT ANSWERS ✔✔ SHA-2 (Secure Hash Algorithm 2)
True or False: Procedures must be developed to easily distinguish between onsite personnel and visitors. - CORRECT ANSWERS ✔✔ True
When should the access of recently terminated employees be revoked? - CORRECT ANSWERS ✔✔ Immediately
True or False: A visitor with a badge may enter a sensitive area unescorted. - CORRECT ANSWERS ✔✔ False, visitors must be escorted at all times.
Protection of keys used for encryption of cardholder data against disclosure must include at least: (4 items) - CORRECT ANSWERS ✔✔ *Access to keys is restricted to the fewest number of custodians necessary