QSA_New_V4 Practice Questions

A.  

All personnel employed by the organization.

B.  

Personnel with access to the cardholder data environment.

C.  

Visitors with access to the organization’s facilities.

D.  

Cashiers with access to one card number at a time.

A.  

Point-of-Interaction devices used to protect account data.

B.  

Secure coding practices for commercial payment applications.

C.  

Development of strong cryptographic algorithms.

D.  

End-lo-end encryption solutions for transmission of account data.

A.  

Ensure all vulnerabilities are addressed within 30 days.

B.  

Replace the need for quarterly ASV scans.

C.  

Prioritize the highest risk items so they can be addressed more quickly.

D.  

Ensure that critical security patches are installed at least quarterly.

A.  

All CDE systems, connected systems. NSCs, and security-providing systems.

B.  

All portable electronic storage.

C.  

All systems that store PAN.

D.  

Any in-scope system except for those identified as 'not at risk' from malware.

A.  

Certificates are assigned only to administrative groups, and not to regular users.

B.  

A different certificate is assigned to each individual user account, and certificates are not shared.

C.  

Certificates are logged so they can be retrieved when the employee leaves the company.

D.  

Change control processes are in place to ensure certificates are changed every 90 days.

A.  

The ROC Reporting Template and instructions provided by PCI SSC should be used for all ROCs.

B.  

The assessor may use either their own template or the ROC Reporting Template provided by PCI SS

C.  

C.  

The assessor must create their own ROC template tor each assessment report.

D.  

The ROC Reporting Template provided by PCI SSC is only required for service provider assessments.

A.  

At least 1 year, with the most recent 3 months immediately available.

B.  

At least 2 years, with the most recent 3 months immediately available.

C.  

At least 2 years, with the most recent month immediately available.

D.  

At least 3 months, with the most recent month immediately available.

A.  

It must be protected with strong cryptography for transmission over private wireless networks.

B.  

It must be protected with strong cryptography for transmission over private wired networks.

C.  

It does not require protection for transmission over public wireless networks.

D.  

It does not require protection for transmission over public wired networks.

A.  

Remove the default "Firewall Administrator account and create a shared account for firewall administrators to use.

B.  

Configure the firewall to permit all traffic until additional rules are defined.

C.  

Synchronize the firewall rules with the other firewalls in the environment.

D.  

Disable any firewall functions that are not needed in production.

A.  

It is allowed to be stored by merchants after authorization, if encrypted.

B.  

It is sensitive authentication data.

C.  

It is out of scope for PCI DSS.

D.  

It is not applicable for PCI DSS Requirement 3.2.