PCI ISA Flashcards 3.2.1 Questions and Answers 2023 Latest Version Graded A
For PCI DSS requirement 1, firewall and router rule sets need to be reviewed every _____________ months - 6 months
Non-console administrator access to any web-based management interfaces must be encrypted with technology such as......... - HTTPS
Requirements 2.2.2 and 2.2.3 cover the use of secure services, protocols and daemons. Which of the following is considered to be secure? - SSH
Which of the following is considered "Sensitive Authentication Data"? - Card Verification Value (CAV2/CVC2/CVV2/CID), Full Track Data, PIN/PIN Block
True or False: It is acceptable for merchants to store Sensitive Authentication Data after authorization as long as it is strongly encrypted? - False
When a PAN is displayed to an employee who does NOT need to see the full PAN, the minimum digits to be masked are: - All digits between the first six and last four
Which of the following is true regarding protection of PAN? - PAN must be rendered unreadable during transmission over public, wireless networks
Which of the following may be used to render PAN unreadable in order to meet requirement 3.4? - Hashing the entire PAN using strong cryptography
True or False: Where keys are stored on production systems, split knowledge and dual control is required? - True
When assessing requirement 6.5, testing to verify secure coding techniques are in place to address common coding vulnerabilities includes: - Reviewing software development policies and procedures
One of the principles to be used when granting user access to systems in the CDE is: - Least privilege
An example of a "one-way" cryptographic function used to render data unreadable is: - SHA-2
A set of cryptographic hash functions designed by the National Security Agency (NSA). - SHA-2 (Secure Hash Algorithm)
Inactive user accounts should be either removed or disabled within ___ - 90 days
True or False: Procedures must be developed to easily distinguish the difference between onsite personnel and visitors. - True
When should access be revoked of recently terminated employees? - Immediately
True or False: A visitor with a badge may enter a sensitive area unescorted. - False, visitors must be escorted at all times.
Protection of keys used for encryption of cardholder data against disclosure must include at least: (4 items) -
 *Access to keys is restricted to the fewest number of custodians necessary
 *Key-encrypting keys are at least as strong as the data-encrypting keys they protect
 *Key-encrypting keys are stored separately from data-encrypting keys
 *Keys are stored securely in the fewest possible locations
Description of cryptographic architecture includes: -
 *Details of all algorithms, protocols, and keys used for the protection of cardholder data, including key strength and expiry date
 *Description of the key usage for each key
 *Inventory of any HSMs and other SCDs used for key management
What 2 methods must NOT be used to be disk-level encryption compliant -
 *Cannot use the same user account authenticator as the operating system
 *Cannot use a decryption key that is associated with or derived from the system's local user account database or general network login credentials.
DESV: User accounts and access privileges are reviewed at least every ______ - 6 months
Track 1 (Length up to 79 characters) - Contains all fields of both Track 1 and Track 2
Track 2 (Length up to 40 characters) - Provides shorter processing time for older dial-up transmissions.
DESV - Designated Entities Supplemental Validation
DESV Requirements: -
 *Implementing a PCI DSS Compliance program
 *Document and validate PCI DSS Scope
 *Validate PCI DSS is incorporated into business-as-usual (BAU) activities
 *Control and manage logical access to cardholder data environment
 *Identify and respond to suspicious events
Written for
- Institution: PCI ISA
- Module: PCI ISA
Document information
- Uploaded on: July 27, 2023
- Number of pages: 8
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions & answers