PCI-DSS ISA Exam with Complete Solutions
Which of the following is true regarding network segmentation? - -Network segmentation is not a PCI DSS requirement (it is recommended, not mandated).
When must critical security patches be installed? - -Within one month of release.
Which statement is true for a merchant using a validated P2PE solution? - -The merchant is still responsible for ensuring its own PCI DSS compliance.
Which of the following applications may go through a PA-DSS review? - -A commercial payment application sold off the shelf without significant customization.
Strong access control lists include: - -Not allowing risky protocols such as FTP or Telnet.
Manufacturers of PIN entry devices must adhere to which standard? - -PCI PTS.
The PCI PA-DSS standard covers which of the following? - -Payment applications that store, process, or transmit cardholder data as part of authorization and/or settlement.
Which is true about QIR installation? - -A PA-DSS validated application installed by a QIR must still be reviewed during the PCI DSS assessment.
In accordance with PCI DSS Requirement 1, where are firewalls required? - -Between any DMZ and the internal network zone.
Which of the following best describes requirements for issuers regarding the retention of sensitive authentication data? - -Issuers are permitted to retain sensitive authentication data only if there is a business justification to do so, to support the issuing function.
Perimeter firewalls must be implemented between the cardholder data environment and which of the following networks? - -Any wireless network.
How often must firewall and router rule sets be reviewed? - -At least every six months.
Which SAQ is applicable to an e-commerce service provider, provided they are eligible? - -SAQ D (for Service Providers).