PCI ISA Exam Questions and Answers 100% Scores
QSAs must retain work papers for a minimum of _______ years. It is a recommendation for
ISAs to do the same. - -3
-According to PCI DSS requirement 1, Firewall and router rule sets need to be reviewed
every _____ months. - -6
-At least ______________ and prior to the annual assessment the assessed entity:
- Identifies all locations and flows of cardholder data to verify they are included in the CDE
- Confirms the accuracy of their PCI DSS scope
- Retains their scoping documentation for assessor reference - -annually
-scope includes - -people, process, technology
-Evidence Retention
It is recommended that the ISA secure and maintain digital and/or hard copies of case logs,
audit results and work papers, notes, and any technical information that was created
and/or obtained during the PCI Data Security Assessment for a minimum of ________ or as
applicable to company data retention policies - -of three (3) years
-A (time) ______ process for identifying and securely deleting stored cardholder data that
exceeds defined retention requirements. - -quarterly
-Do not store SAD after ____________ (even if encrypted). (track data / cvc / pin) - -authorization
-manual clear-text key-management procedures specify processes for the use of the
following - -Split knowledge. Dual control
-Dual control - -at least two people are required to perform any key-management operations
and no one person has access to the authentication materials (for example, passwords or
keys) of another
-Split knowledge - -key components are under the control of at least two people who only
have knowledge of their own key components
-PAN is rendered unreadable in which ways - -hash
mask
encrypt
pad