PCI ISA EXAM WITH COMPLETE QUESTIONS AND ANSWERS GRADED (A+)
Train developers at least ________ in up-to-date secure coding techniques, including how to avoid common coding vulnerabilities, and understanding how sensitive data is handled in memory. - answer: annually

Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least ___________________ or automated technical solution that detects and prevents web-based attacks active _________ - answer: annually and after any changes; all the time

Observe user accounts to verify that any inactive accounts over __________ are either removed or disabled. - answer: 90 days old

For a sample of system components, inspect system configuration settings to verify that authentication parameters are set to require that user accounts be locked out after not more than ___________ invalid logon attempts. - answer: 6

Once a user account is locked out, it remains locked for a minimum of _____________ or ____________ - answer: 30 mins or until a system administrator resets the account

Idle time out features have been set to ________ - answer: 15 mins or less

For a sample of system components, inspect system configuration settings to verify that user password/passphrase parameters are set to require users to change passwords at least once every ______. - answer: 90 days

New passwords/passphrases cannot be the same as the ____________ previously used passwords/passphrases - answer: 4

Verify that data from video cameras and/or access control mechanisms is reviewed, and that data is stored for ______________ - answer: at least three months.

Visitor log is - answer: retained for 3 months; name, firm, escort

Verify that the storage location security is reviewed at least _________ to confirm that backup media storage is secure. - answer: annually

Review media inventory logs to verify that logs are maintained and media inventories are performed at least _____________ - answer: annually

Reviewing the following at least __________, either manually or via log tools: all security events; logs of all system components that store, process, or transmit CHD and/or SAD; logs of all critical system components; logs of all servers and system components that perform security functions - answer: daily

Reviewing logs of all other system components _______—either manually or via log tools—based on the organization's policies and risk management strategy. - answer: periodically

Retaining audit logs for at least _________, with a minimum of ________________ immediately available online - answer: one year; 3 months

Implement processes to test for the presence of wireless access points (802.11), and detect and identify all authorized and unauthorized wireless access points on a _______________ basis - answer: quarterly

Run internal and external network vulnerability scans at least _____ and __________________ in the network - answer: quarterly and after any significant change

Verify that __________ internal/(external ASV) scans occurred in the most recent _________ - answer: four quarterly; 12-month period

Penetration testing when? How about service providers on seg controls? - answer: quarterly and after sig changes; 6 months and sig changes
School, study and subject
- Institution: Chamberlain College Of Nursing
- Course: NUR 206
Document information
- Uploaded on: June 18, 2023
- Number of pages: 8
- Written in: 2022/2023
- Type: Exam
- Contains: Questions and answers