PCI ISA Exam Question and Answers 2024 Update.

  • September 2, 2024
Lectjoe
PCI ISA Exam Question and Answers 2024 Update.

QSAs must retain work papers for a minimum of _______ years. It is a recommendation
for ISAs to do the same. - Correct Answer 3

According to PCI DSS requirement 1, Firewall and router rule sets need to be reviewed
every _____ months. - Correct Answer 6

At least ______________ and prior to the annual assessment the assessed entity:

- Identifies all locations and flows of cardholder data to verify they are included in the
CDE
- Confirms the accuracy of their PCI DSS scope
- Retains their scoping documentation for assessor reference - Correct Answer
annually

Scope includes - Correct Answer people, process, tech

Evidence Retention
It is recommended that the ISA secure and maintain digital and/or hard copies of case
logs, audit results and work papers, notes, and any technical information that was
created and/or obtained during the PCI Data Security Assessment for a minimum of
________ or as applicable to company data retention policies - Correct Answer three
(3) years

A (time) ______ process for identifying and securely deleting stored cardholder data
that exceeds defined retention requirements. - Correct Answer quarterly

Do not store SAD after ____________ (even if encrypted). (track data / CVC / PIN) -
Correct Answer authorization

Manual clear-text key-management procedures specify processes for the use of the
following - Correct Answer Split knowledge, dual control

Dual control - Correct Answer at least two people are required to perform any
key-management operations and no one person has access to the authentication materials
(for example, passwords or keys) of another

Split knowledge - Correct Answer key components are under the control of at least two
people who only have knowledge of their own key components

PAN is rendered unreadable in which ways - Correct Answer hash, mask, encrypt, pad

Ensure that all system components and software are protected from known
vulnerabilities by installing applicable vendor-supplied security patches. Install critical
security patches within _____ of release. - Correct Answer one month

Installation of all applicable vendor-supplied security patches within an
___________________ - Correct Answer appropriate time frame (for example, within
three months)

Makes sure change control has these 4 things - Correct Answer impact, testing (PCI
review), backout, approval

Train developers at least ________ in up-to-date secure coding techniques, including
how to avoid common coding vulnerabilities, and understanding how sensitive data is
handled in memory. - Correct Answer annually

Reviewing public-facing web applications via manual or automated application
vulnerability security assessment tools or methods, at least ___________________
or
automated technical solution that detects and prevents web-based attacks active
_________ - Correct Answer annually and after any changes; all the time

Observe user accounts to verify that any inactive accounts over __________ are either
removed or disabled. - Correct Answer 90 days old

For a sample of system components, inspect system configuration settings to verify that
authentication parameters are set to require that user accounts be locked out after not
more than ___________ invalid logon attempts. - Correct Answer 6

Once a user account is locked out, it remains locked for a minimum of _____________
or ____________ - Correct Answer 30 mins or until a system administrator resets the
account

Idle time-out features have been set to ________ - Correct Answer 15 mins or less

For a sample of system components, inspect system configuration settings to verify that
user password/passphrase parameters are set to require users to change passwords at
least once every ______. - Correct Answer 90 days
