PCI DSS Fundamentals Exam Questions and Answers 2022/2023
451 views 1 purchase
Module
PCI DSS
Institution
PCI DSS
A Sustainable Compliance Program must: - ANSWER-Be implemented into Business-as-usual (BAU) activities as part of the organizations overall security strategy.
True or False: The driving objective behind all PCI DSS compliance activities is to attain a compliant report. - ANSWER-False ongoing sec...
pci dss fundamentals exam questions and answers 20222023
a sustainable compliance program must
true or false the driving objective behind all pci dss compliance activities is to attain a co
Written for
PCI DSS
PCI DSS
Seller
Follow
millyphilip
Reviews received
Content preview
PCI DSS Fundamentals Exam Questions and Answers 2022/2023
A Sustainable Compliance Program must: - ANSWER-Be implemented into Business-
as-usual (BAU) activities as part of the organizations overall security strategy.
True or False: The driving objective behind all PCI DSS compliance activities is to attain
a compliant report. - ANSWER-False ongoing security of cardholder data is the driving objective which will lead to a compliant report
Effective metrics program can provide useful data for: - ANSWER-Allocation of resources to minimize risk occurrence and measure the business consequences of security events.
Security Goals should include: - ANSWER-Continuous monitoring, testing, documenting
implementation, effectiveness, efficiency, impact, and status of controls and activities.
Control-failure response processes should include: - ANSWER-minimizing the impact of
the incident, restoring controls, performing root-cause analysis and remediation, implementing hardening standards and enhancing monitoring.
True or False: 3rd party providers are monitored by issuers - ANSWER-False, Organizations should develop and implement processes to monitor the compliance status of its service providers to determine whether a change in status requires a change in the relationship.
True or False: Organizations should evolve their controls with the threat landscape, changes in organizations structure, new business initiatives, and changes in business processes and technologies - ANSWER-True Evolving security reduces the negative impact on an organizations security posture.
How can organizations prevent "fall-off" between assessments - ANSWER-Develop a well designed program of security controls and monitoring practices.
True or False: Network segmentation is one method that can help reduce the number of
system components in scope for PCI DSS - ANSWER-True, outsourcing to a 3rd party service provider and using P2PE are other methods of reducing scope.
Who is ultimately responsible for making its own PCI DSS scoping decisions, designing effective segmentation and ensuring its own PCI DSS compliance and related validation
requirements are met - ANSWER-Each entity is responsible for themselves. What does segmentation involve - ANSWER-additional controls to separate systems with different security needs.
Segmentation can consist of: - ANSWER-logical controls, physical controls or a combination of both
Name some commonly used segmentation methods - ANSWER-Firewalls and router configurations (preventing traffic in & out), network configurations (preventing communication) and physical controls
E-commerce Payment Gateway/Payment Processor - ANSWER-may facilitate payment authorization by forwarding transactions to the processors/acquirers that perform the actual payment authorization.
E-Commerce infrastructure may include: - ANSWER-consumers browser, application servers, database servers and any other underlying servers or devices such as network devices.
Merchants infrastructure may include: - ANSWER-networking and operating system, firewalls, switches, routers and any virtual infrastructure such as hypervisors.
E-commerce infrastructure typically follows what 3-tier computing model - ANSWER-1) Presentation layer (web) 2) processing layer (application) 3) data-storage layer
Requirements for firewall configuration standards are: - ANSWER-a firewall at each internet connection and between any demilitarized zone (DMZ) and the internal network
zone.
Examine firewall and router configurations to verify that a DMZ is implemented to limit - ANSWER-inbound traffic to only a system components that provide authorized publicly accessible services, protocols, and ports
Examine firewall and router configurations to verify that inbound internet traffic is limited to - ANSWER-IP addresses within the DMZ
How often should information security policies and risk assessments be completed - ANSWER-Annually and with any changes
Which items are included in a risk assessment - ANSWER-Identify critical assets, threats, vulnerabilities, formal documented analysis.
National Institute of Standards and Technology (NIST) proposes what 3 security metrics
- ANSWER-1) implementation measures 2) efficiency and effectiveness measures, 3) impact measures
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller millyphilip. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for £7.31. You're not tied to anything after your purchase.
