PCI Practice Exam Questions With Verified Answers
When must cryptographic keys be changed?
- At the end of their defined crypto period
- At least annually
- When a new key custodian is employed
- Upon release of a new algorithm
ANSWER: At the end of their defined crypto period

What must the assessors verify when testing that cardholder data is protected whenever it is sent over the Internet?
- The security protocol is configured to support earlier versions
- The encryption strength is appropriate for the technology in use
- The security protocol is configured to accept all digital certificates
- The cardholder data is securely deleted once the transmission has been sent
ANSWER: The encryption strength is appropriate for the technology in use

As defined in Requirement 8, what is the minimum complexity of user passwords?
- 8 characters, either alphabetic or numeric
- 5 characters, either alphabetic or numeric
- 6 characters, both alphabetic and numeric characters
- 7 characters, both alphabetic and numeric characters
ANSWER: 7 characters, both alphabetic and numeric characters

Which statement is correct regarding use of production data (live PANs) for testing and development?
- Live PANs must not be used for testing or development
- Access to live PANs used for testing and development must be restricted to authorized personnel
- Live PANs must be used for testing and development
- All live PANs used for testing and development must be authorized by the cardholder
ANSWER: Live PANs must not be used for testing or development

Which of the following is an example of multi-factor authentication?
- A token that must be presented twice during the login process
- A user passphrase and an application-level password
- A user password and a PIN-activated smart card
- A user fingerprint and a user thumbprint
ANSWER: A user password and a PIN-activated smart card

Which of the following types of events is required to be logged?
- All use of end-user messaging technologies
- All access to external websites
- All access to all audit trails
- All network transmissions
ANSWER: All access to all audit trails

Which of the following meets PCI DSS requirements for secure destruction of media containing cardholder data?
- Cardholder data on hard copy materials is copied to electronic media before the hard copy materials are destroyed
- Storage containers used for hardcopy materials are located outside of the CDE
- Electronic media is physically destroyed to ensure the data cannot be reconstructed
- Electronic media is stored in a secure location when the data is no longer needed for business or legal reasons
ANSWER: Electronic media is physically destroyed to ensure the data cannot be reconstructed
Written for
- Institution: PCI ISA
- Course: PCI ISA

Document information
- Uploaded on: October 22, 2023
- Number of pages: 15
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers