
QSA_New_V4 Exam Dumps - Qualified Security Assessor V4 Exam

Question # 9

Which statement is true regarding the presence of both hashed and truncated versions of the same PAN in an environment?

A. Controls are needed to prevent the original PAN being exposed by the hashed and truncated versions.
B. The hashed version of the PAN must also be truncated per PCI DSS requirements for strong cryptography.
C. The hashed and truncated versions must be correlated so the source PAN can be identified.
D. Hashed and truncated versions of a PAN must not exist in the same environment.

Question # 10

An organization has implemented a change-detection mechanism on their systems. How often must critical file comparisons be performed?

A. At least weekly
B. Periodically as defined by the entity
C. Only after a valid change is installed
D. At least monthly

Question # 11

Which of the following meets the definition of “quarterly” as indicated in the description of timeframes used in PCI DSS requirements?

A. Occurring at some point in each quarter of a year.
B. At least once every 95–97 days.
C. On the 15th of each third month.
D. On the 1st of each fourth month.

Question # 12

In accordance with PCI DSS Requirement 10, how long must audit logs be retained?

A. At least 1 year, with the most recent 3 months immediately available.
B. At least 2 years, with the most recent 3 months immediately available.
C. At least 2 years, with the most recent month immediately available.
D. At least 3 months, with the most recent month immediately available.

Question # 13

An organization wishes to implement multi-factor authentication for remote access, using the user's individual password and a digital certificate. Which of the following scenarios would meet PCI DSS requirements for multi-factor authentication?

A. Certificates are assigned only to administrative groups, and not to regular users.
B. A different certificate is assigned to each individual user account, and certificates are not shared.
C. Certificates are logged so they can be retrieved when the employee leaves the company.
D. Change control processes are in place to ensure certificates are changed every 90 days.

Question # 14

Which of the following types of events is required to be logged?

A. All use of end-user messaging technologies.
B. All access to external web sites.
C. All access to all audit trails.
D. All network transmissions.

Question # 15

Which scenario describes segmentation of the cardholder data environment (CDE) for the purposes of reducing PCI DSS scope?

A. Routers that monitor network traffic flows between the CDE and out-of-scope networks.
B. Firewalls that log all network traffic flows between the CDE and out-of-scope networks.
C. Virtual LANs that route network traffic between the CDE and out-of-scope networks.
D. A network configuration that prevents all network traffic between the CDE and out-of-scope networks.

Question # 16

What does the PCI PTS standard cover?

A. Point-of-Interaction devices used to protect account data.
B. Secure coding practices for commercial payment applications.
C. Development of strong cryptographic algorithms.
D. End-to-end encryption solutions for transmission of account data.
