Pci dss requirement 13 - Study guides, Class notes & Summaries

CSIS 340 Midterm Exam 1. Which of the following is not a type of security control? 2. The key to determining if a business will implement any policy is? 3. _____ is a promise not to disclose to any third party information covered by the agreement. 4. A _____ is a term that refers to a network that limits what and how computers are able to talk to each other. 5. Which of the following are control objectives for PCI DSS? 6. Which of the following does a policy change control board do? 7. Ho...

PCI DSS Area 1 ANSWER- Build and Maintain a Secure Network and Systems PCI DSS Requirement One ANSWER- Install and maintain a firewall configuration to protect cardholder data PCI DSS Requirement 1.1 ANSWER- Establish and implement firewall and router configuration standards that include the following: 1-A Formal Process for Change Management 2-A Current Network Diagram, process to keep current 3-A Cardholder Data Flows 4-Firewall at all access points to the network (DMZ or Internet Co...

Topic 1, Exam Pool A A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL. , the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting . Which of the following describes this attack? A. On-path B. Domain hijacking C. DNS poisoning D. Evil twin Answer: C Which of the following provides a calculated value for known vulnerabilities so organizations ...

Which type of control is associated with responding to and fixing a security incident? • Question 2 The key to determining if a business will implement any policy is? 2 out of 2 points • Question 3 2 out of 2 points A is a term that refers to a network that limits what and how computers are able to talk to each other. • Question 4 Policy acceptance challenges include? 2 out of 2 points • Question 5 2 out of 2 poi...