Term
Which encryption algorithm is considered strong for protecting
cardholder data?
MD5
DES
AES
SHA-1
Answer: c) Quarterly
Answer: b) TLS
Answer: c) AES
Answer: b) Requirement 6
Term
What is the primary objective of PCI DSS Requirement 9: Restrict
physical access to cardholder data?
a) Secure the network perimeter
b) Implement biometric authentication
c) Control physical access to sensitive areas
d) Conduct regular security awareness training
Answer: c) Managing incident response procedures
Answer: c) Control physical access to sensitive areas
Answer: d) Preventing and detecting malware on systems
Answer: b) Enhancing payment card data security
Term
What is PCI DSS v3.2.1 requirement 2?
Change - Do not use vendor supplied defaults for system passwords and other security parameters.
Keep vendor-supplied settings for network configurations
Update system software regularly with vendor defaults
Use standard passwords for all system accounts
Term
What is the primary focus of PCI DSS Requirement 5: Protect all
systems against malware and regularly update antivirus software?
a) Conducting regular vulnerability scans
b) Implementing biometric authentication
c) Ensuring protection against malware
d) Validating compliance for payment applications
Answer: d) Ensuring secure development practices
Answer: d) Enforcing physical access controls
Answer: d) Ensuring the effectiveness of security controls
Answer: c) Ensuring protection against malware
Term
What is sub-requirement 2.5?
2.5 Ensure that security policies and operational procedures for managing vendor defaults and other security parameters are documented, in use, and known to all affected parties.
For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks
Address common coding vulnerabilities in software-development processes as follows: • Train developers at least annually in up-to-date secure coding techniques,
Ensure that security policies and operational procedures for developing and maintaining secure systems and applications are documented, in use, and known to all affected parties.