PCI ISA EXAM 50 QUESTIONS AND ANSWERS 2023/2024 GRADED A+.

PCI ISA EXAM 50 QUESTIONS AND ANSWERS 2023/2024 GRADED A+. pci isa 1. QSAs must retain work papers for a minimum of _______ years. It is a recommendation for ISAs to do the same.: 3 2. According to PCI DSS requirement 1, Firewall and router rule sets need to be reviewed every _____ months.: 6 3. At least ______________ and prior to the annual assessment the assessed entity: - Identifies all locations and flows of cardholder data to verify they are included in the CDE - Confirms the accuracy of their PCI DSS scope - Retains their scoping documentation for assessor reference: annually 4. scope includes: ppl process, tech 5. Evidence Retention It is recommended that the ISA secure and maintain digital and/or hard copies of case logs, audit results and work papers, notes, and any technical information that was created and/or obtained during the PCI Data Security Assessment for a minimum of ________ or as applicable to company data retention policies: of three (3) years 6. A (time) ______ process for identifying and securely deleting stored cardholder data that exceeds defined retention requirements.: quarterly 7. Do not store SAD after ____________ (even if encrypted). (track data / cvc / pin): authorization 8. manual clear-text key-management procedures specify processes for the use of the following: Split knowledge.Dual control 9. Dual control: least two people are required to perform any key-management operations and no one person has access to the authentication materials (for example, passwords or keys) of another 10. Split knowledge: key components are under the control of at least two people who only have knowledge of their own key components 11. PAN is rendered unreadable in which ways: hash mask encrypt pad 12. Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within _____ of release.: one month 13. Installation of all applicable vendor-supplied security patches within an ___________________: appropriate time frame (for example, within three months) 1 / 4