PCIP Exam Questions with complete solutions 100% correct

PCIP Exam Questions with complete solutions 100% correct Can existing PCI DSS requirements be considered as compensating controls if they are already required for the item under review? NO What are reasons to consider using compensating controls? Legitimate technical constraints or documented business constraints Do PCI DSS requirements apply if virtualization is used in the CDE? YES P2PE encrypts data at source and decrypts at destination True A compensating control must __________________________ meet the rigor and intent of the original requirement A merchant with web based virtual terminals and no electronic cardholder data storage must complete a _______ SAQ C-VT Merchant with payment application systems connected to the internet with no electronic cardholder data storage must complete a ____________ SAQ C Create an ___________ that is __________ to be implemented in the event of a breach incident response plan - tested annually Tool to assist merchants and service providers self-evaluate compliance with PCI DSS SAQ Card not present merchants with all cardholder data source functions outsourced must complete the ________ SAQ A Minimum password length required by PCI DSS 7 Retain audit trail history for _____________years with minimum _______ months immediately available 1 3 External penetration testing must be performed ___________ at least annually and after any significant upgrade or modification