PCI ISA EXAM ACTUAL EXAM QUESTIONS
AND VERIFIED ANSWERS LATEST
VERSION 2024-2025
When a PAN is displayed to an employee who does NOT need to
see the full PAN, the minimum digits to be masked are: Correct
Answer All digits between the first six and last four
Which of the following is true regarding protection of PAN?
Correct Answer PAN must be rendered unreadable during
transmission over public, wireless networks
Which of the following may be used to render PAN unreadable in
order to meet requirement 3.4? Correct Answer Hashing the
entire PAN using strong cryptography, truncation, index tokens
and pads with pads being securely stored, strong cryptography
with associated key-management processes and procedures
True or False Manual clear-text key-management procedures
specify processes for the use of keys that are stored on
production systems, use of split knowledge and dual control is
required. Correct Answer True
When assessing requirement 6.5, testing to verify secure coding
techniques are in place to address common coding vulnerabilities
includes: Correct Answer Examine software development policies
and procedures to verify that up-to-date training in secure coding
techniques is required for developers at least annually, based on
industry best practices and guidance
One of the principles to be used when granting user access to
systems in CDE is: Correct Answer Least privilege
,An example of a "one-way" cryptographic function used to render
data unreadable is: Correct Answer SHA-2
A set of cryptographic hash functions designed by the National
Security Agency (NS). Correct Answer SHA-2 (Secure Hash
Algorithm
Inactive user accounts should be either removed or disabled
within___ Correct Answer 90 days
True or False: Procedures must be developed to easily
distinguish the difference between onsite personnel and visitors.
Correct Answer True
When should access be revoked of recently terminated
employees? Correct Answer immediately
True or False: A visitor with a badge may enter sensitive area
unescorted. Correct Answer False, visitors must be escorted at all
times.
Protection of keys used for encryption of cardholder data against
disclosure must include at least: (4 items) Correct Answer
*Access to keys is restricted to the fewest number of custodians
necessary
*Key-encrypting keys are at least as strong as the data-encrypting
keys they protect
*Key encrypting keys are stored separately from data-encrypting
keys
*Keys are stored securely in the fewest possible locations
Description of cryptographic architecture includes: Correct
Answer *Details of all algorithms, protocols, and keys used for the
protection of cardholder data, including key strength and expiry
date
, *Description of the key usage for each key
*Inventory of any HSMs and other SCDs used for key
management
What 2 methods must NOT be used to be disk-level encryption
compliant Correct Answer *Cannot use the same user account
authenticator as the operating system
*Cannot use a decryption key that is associated with or derived
from the systems local user account database or general network
login credentials.
6 months Correct Answer DESV User accounts and access
privileges are reviewed at least every______
Track 1 (Length up to 79 characters) Correct Answer Contains all
fields of both Track 1 and Track 2
Track 2 (Length up to 40 characters) Correct Answer Provides
shorter processing time for older dial-up transmissions.
DESV Requirements: Correct Answer *Implementing a PCI DSS
Compliance program
*Document and validate PCI DSS Scope
*Validate PCI DSS is incorporated into business-as-usual (BAU)
activities
*Control and manage logical access to cardholder data
environment
*Identify and respond to suspicious events
Who could DESV requirements apply to? Correct Answer Those
that have suffered significant or repeated breaches of cardholder
data.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller wachiraMaureen. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $24.99. You're not tied to anything after your purchase.