PCI ISA Exam Questions with Accurate Answers
Which of the following is true regarding network segmentation? - -Network Segmentation
is not a PCI DSS requirement
-When must critical security patches be installed? - -Within 1 month of release
-Which statement is true for a merchant using a validated P2PE solution? - -The merchant
is responsible for ensuring their own PCI compliance
-Which of the following applications may go through a PA-DSS review? - -Commercial
payment application without much customization
-Strong access control lists include: - -Don't allow risky protocols such as FTP or Telnet.
-Manufacturers of PIN Entry devices must adhere to which standard? - -PCI PTS
-PCI PA-DSS standard covers which of the following? - -Payment applications that store,
process, or transmit cardholder data as part of authorization and/or settlement
-Which is true about QIR installation? - -A PA-DSS application installed by a QIR must still be
reviewed during the PCI DSS assessment
-In accordance with the PCI DSS Req 1, where are firewalls required - -Between any DMZ
and the internal network
-Which of the following best describes requirements for issuers regarding the retention of
sensitive authentication data? - -Issuers are permitted to retain sensitive authentication
data only if there is a business need to do so, to support the issuing function
-Perimeter firewalls must be implemented between the cardholder data environment and
which of the following networks? - -Any wireless network
-How often must firewall and router rule sets be reviewed? - -At least every 6 months
-Which SAQ is applicable to an e-commerce service provider, providing they are eligible? -
-SAQ D
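
Two of the items above (strong ACLs that do not permit FTP or Telnet, and the six-monthly rule-set review) describe a check that is easy to automate. The script below is an added example, not part of the original study notes or of any PCI SSC material. It assumes a simplified five-field rule syntax (action, protocol, source, destination, destination port) with first-match semantics and an implicit final deny; the sample rule set is constructed for illustration, and the network names (dmz-net, cde-net, wireless-net) are placeholders, not real segments.

```python
"""Audit a simplified firewall rule set for risky protocols (FTP, Telnet).

Added example. Rule syntax assumed here (one rule per line, '#' comments):
    <permit|deny> <tcp|udp|ip> <src> <dst> <dport|lo-hi|any>
Rules are evaluated first-match; anything unmatched is denied.
"""
from dataclasses import dataclass

# Ports the PCI DSS guidance treats as risky/insecure services.
RISKY_PORTS = {20: "ftp-data", 21: "ftp", 23: "telnet"}


@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    proto: str    # "tcp", "udp" or "ip" (ip matches any protocol)
    src: str      # network name or "any" (names are placeholders)
    dst: str
    dport: str    # "any", a single port, or "lo-hi"


def parse_rules(text: str) -> list[Rule]:
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5 or fields[0].lower() not in ("permit", "deny"):
            raise ValueError(f"malformed rule: {raw!r}")
        action, proto, src, dst, dport = fields
        rules.append(Rule(action.lower(), proto.lower(), src, dst, dport))
    return rules


def _port_match(dport: str, port: int) -> bool:
    if dport == "any":
        return True
    if "-" in dport:
        lo, hi = (int(x) for x in dport.split("-", 1))
        return lo <= port <= hi
    return int(dport) == port


def _net_match(pattern: str, value: str) -> bool:
    return pattern == "any" or pattern == value


def decide(rules: list[Rule], proto: str, src: str, dst: str, port: int) -> str:
    """First-match evaluation of one flow; implicit deny if no rule matches."""
    for r in rules:
        if r.proto not in ("ip", proto):
            continue
        if _net_match(r.src, src) and _net_match(r.dst, dst) and _port_match(r.dport, port):
            return r.action
    return "deny"


def audit(rules: list[Rule]) -> list[tuple[str, str, int, str]]:
    """Return (src, dst, port, service) for every risky port that is
    *effectively* permitted, i.e. after earlier deny rules are applied.
    A 'permit ... any' rule is caught even though it never names the port."""
    pairs = {(r.src, r.dst) for r in rules if r.action == "permit"}
    findings = []
    for src, dst in sorted(pairs):
        for port, name in RISKY_PORTS.items():
            if decide(rules, "tcp", src, dst, port) == "permit":
                findings.append((src, dst, port, name))
    return findings


# Constructed sample rule set (placeholder network names, not a real config).
SAMPLE_RULESET = """
deny   tcp wireless-net cde-net 23      # telnet from wireless explicitly blocked
permit tcp dmz-net      cde-net 443
permit tcp dmz-net      cde-net 20-21   # FTP into the CDE: finding
permit tcp wireless-net cde-net any     # 'any' still reaches FTP: finding
deny   ip  any          any     any     # explicit default deny
"""


def run_sample() -> list[tuple[str, str, int, str]]:
    return audit(parse_rules(SAMPLE_RULESET))


if __name__ == "__main__":
    for src, dst, port, name in run_sample():
        print(f"RISKY: {src} -> {dst} tcp/{port} ({name}) is permitted")
```

Note that the auditor evaluates flows rather than grepping for "21" or "23": the wireless-to-CDE rule above permits FTP without ever naming the port, while the explicit Telnet deny that precedes it is honoured. Running it at each six-monthly review, and diffing the findings against the previous run, gives a concrete artefact for the assessor.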