PCI-DSS ISA Exam|Verified Exam
Questions with 100% Correct Clear
Answers|All Graded A+|100%
Guaranteed Success|Latest
Premium Update.
Perimeter firewalls installed ______________________________. -
Answer✅✅between all wireless networks and the CHD environment.
Where should firewalls be installed? - Answer✅✅At each Internet connection and
between any DMZ and the internal network.
Review of firewall and router rule sets at least every __________________. -
Answer✅✅6 months
If disk encryption is used - Answer✅✅logical access must be managed separately
and independently of native operating system authentication and access control
mechanisms
Manual clear-text key-management procedures specify processes for the use of the
following: - Answer✅✅Split knowledge AND Dual control of keys
What is considered "Sensitive Authentication Data"? - Answer✅✅Card verification
value
, When a PAN is displayed to an employee who does NOT need to see the full PAN,
the minimum digits to be masked are: All digits between the ___________ and the
__________. - Answer✅✅first 6; last 4
Regarding protection of PAN... - Answer✅✅PAN must be rendered unreadable
during the transmission over public and wireless networks.
Under requirement 3.4, what method must be used to render the PAN unreadable?
- Answer✅✅Hashing the entire PAN using strong cryptography
Weak security controls that should NOT be used - Answer✅✅WEP, SSL, and TLS 1.0
or earlier
Per requirement 5, anti-virus technology must be deployed_________________ -
Answer✅✅on all system components commonly affected by malicious software.
Key functions for anti-vius program per Requirement 5: - Answer✅✅1) Detect
2) Remove
3) Protect
Anti-virus solutions may be temporarily disabled only if - Answer✅✅there is
legitimate technical need, as authorized by management on a case-by-case basis
When to install "critical" applicable vendor-supplied security patches? ---> within
_________ of release. - Answer✅✅1 month
When to install applicable vendor-supplied security patches? - Answer✅✅within an
appropriate time frame (for example, within three months).
When assessing requirement 6.5, testing to verify secure coding techniques are in
place to address common coding vulnerabilities includes: - Answer✅✅Reviewing
software development policies and procedures
Requirements 7 restricted access controls by: - Answer✅✅Need-to-know and least
privilege
Inactive accounts over _____________days need to be removed or disabled. -
Answer✅✅90 days
To verify user access termination policy, an ISA need to select a sample of user
terminated in the past _______________ months, and review current user access
lists—for both local and remote access—to verify that their IDs have been
deactivated or removed from the access lists. - Answer✅✅6 months
How many logon attempts should be allowed until resulting temporarily account
locked-out? - Answer✅✅6 attempts
Questions with 100% Correct Clear
Answers|All Graded A+|100%
Guaranteed Success|Latest
Premium Update.
Perimeter firewalls installed ______________________________. -
Answer✅✅between all wireless networks and the CHD environment.
Where should firewalls be installed? - Answer✅✅At each Internet connection and
between any DMZ and the internal network.
Review of firewall and router rule sets at least every __________________. -
Answer✅✅6 months
If disk encryption is used - Answer✅✅logical access must be managed separately
and independently of native operating system authentication and access control
mechanisms
Manual clear-text key-management procedures specify processes for the use of the
following: - Answer✅✅Split knowledge AND Dual control of keys
What is considered "Sensitive Authentication Data"? - Answer✅✅Card verification
value
, When a PAN is displayed to an employee who does NOT need to see the full PAN,
the minimum digits to be masked are: All digits between the ___________ and the
__________. - Answer✅✅first 6; last 4
Regarding protection of PAN... - Answer✅✅PAN must be rendered unreadable
during the transmission over public and wireless networks.
Under requirement 3.4, what method must be used to render the PAN unreadable?
- Answer✅✅Hashing the entire PAN using strong cryptography
Weak security controls that should NOT be used - Answer✅✅WEP, SSL, and TLS 1.0
or earlier
Per requirement 5, anti-virus technology must be deployed_________________ -
Answer✅✅on all system components commonly affected by malicious software.
Key functions for anti-vius program per Requirement 5: - Answer✅✅1) Detect
2) Remove
3) Protect
Anti-virus solutions may be temporarily disabled only if - Answer✅✅there is
legitimate technical need, as authorized by management on a case-by-case basis
When to install "critical" applicable vendor-supplied security patches? ---> within
_________ of release. - Answer✅✅1 month
When to install applicable vendor-supplied security patches? - Answer✅✅within an
appropriate time frame (for example, within three months).
When assessing requirement 6.5, testing to verify secure coding techniques are in
place to address common coding vulnerabilities includes: - Answer✅✅Reviewing
software development policies and procedures
Requirements 7 restricted access controls by: - Answer✅✅Need-to-know and least
privilege
Inactive accounts over _____________days need to be removed or disabled. -
Answer✅✅90 days
To verify user access termination policy, an ISA need to select a sample of user
terminated in the past _______________ months, and review current user access
lists—for both local and remote access—to verify that their IDs have been
deactivated or removed from the access lists. - Answer✅✅6 months
How many logon attempts should be allowed until resulting temporarily account
locked-out? - Answer✅✅6 attempts
