100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
PCI ISA Exam Study Guide 100% Correct Answers Verified Latest 2024 Version $7.99   Add to cart

Exam (elaborations)

PCI ISA Exam Study Guide 100% Correct Answers Verified Latest 2024 Version

 5 views  0 purchase
  • Course
  • Institution

PCI ISA Exam Study Guide | 100% Correct Answers | Verified | Latest 2024 Version Non-console administrator access to any web-based management interfaces must be encrypted with technology such as......... - HTTPS Requirements 2.2.2 and 2.2.3 cover the use of secure services, protocols and daemon...

[Show more]

Preview 2 out of 10  pages

  • July 3, 2024
  • 10
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
avatar-seller
PCI ISA Exam Study Guide | 100% Correct
Answers | Verified | Latest 2024 Version
Non-console administrator access to any web-based management interfaces must be encrypted with
technology such as......... - ✔✔HTTPS



Requirements 2.2.2 and 2.2.3 cover the use of secure services, protocols and daemons. Which of the
following is considered to be secure? - ✔✔SSH



Which of the following is considered "Sensitive Authentication Data"? - ✔✔Card Verification Value
(CAV2/CVC2/CVV2/CID), Full Track Data, PIN/PIN Block



True or False: It is acceptable for merchants to store Sensitive Authentication after authorization as long
as it is strongly encrypted? - ✔✔False



When a PAN is displayed to an employee who does NOT need to see the full PAN, the minimum digits to
be masked are: - ✔✔All digits between the first six and last four



Which of the following is true regarding protection of PAN? - ✔✔PAN must be rendered unreadable
during transmission over public, wireless networks



Which of the following may be used to render PAN unreadable in order to meet requirement 3.4? -
✔✔Hashing the entire PAN using strong cryptography



True or False Where keys are stored on production systems, split knowledge and dual control is
required? - ✔✔True



When assessing requirement 6.5, testing to verify secure coding techniques are in place to address
common coding vulnerabilities includes: - ✔✔Reviewing software development policies and procedures



One of the principles to be used when granting user access to systems in CDE is: - ✔✔Least privilege

, An example of a "one-way" cryptographic function used to render data unreadable is: - ✔✔SHA-2



A set of cryptographic hash functions designed by the National Security Agency (NS). - ✔✔SHA-2 (Secure
Hash Algorithm



True or False: Procedures must be developed to easily distinguish the difference between onsite
personnel and visitors. - ✔✔True



When should access be revoked of recently terminated employees? - ✔✔immediately



True or False: A visitor with a badge may enter sensitive area unescorted. - ✔✔False, visitors must be
escorted at all times.



Protection of keys used for encryption of cardholder data against disclosure must include at least: (4
items) - ✔✔*Access to keys is restricted to the fewest number of custodians necessary

*Key-encrypting keys are at least as strong as the data-encrypting keys they protect

*Key encrypting keys are stored separately from data-encrypting keys

*Keys are stored securely in the fewest possible locations



Description of cryptographic architecture includes: - ✔✔*Details of all algorithms, protocols, and keys
used for the protection of cardholder data, including key strength and expiry date

*Description of the key usage for each key

*Inventory of any HSMs and other SCDs used for key management



What 2 methods must NOT be used to be disk-level encryption compliant - ✔✔*Cannot use the same
user account authenticator as the operating system

*Cannot use a decryption key that is associated with or derived from the systems local user account
database or general network login credentials.



6 months - ✔✔DESV User accounts and access privileges are reviewed at least every______

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller hov. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $7.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75632 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$7.99
  • (0)
  Add to cart