Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

QSA_New_V4 Exam Dumps - Qualified Security Assessor V4 Exam

Go to page:
Question # 17

What is the intent of classifying media that contains cardholder data?

A.

Ensuring that media is properly protected according to the sensitivity of the data it contains.

B.

Ensuring that media containing cardholder data Is moved from secured areas an a quarterly basis.

C.

Ensuring that media is clearly and visibly labeled as "Confidential" so all personnel know that the media contains cardholder data.

D.

Ensuring that all media is consistently destroyed on the same schedule, regardless of the contents.

Full Access
Question # 18

An entity wants to know if the Software Security Framework can be leveraged during their assessment. Which of the following software types would this apply to?

A.

Any payment software in the CDE.

B.

Only software which runs on PCI PTS devices.

C.

Validated Payment Applications that are listed by PCI SSC and have undergone a PA-DSS assessment.

D.

Software developed by the entity in accordance with the Secure SLC Standard.

Full Access
Question # 19

A "Partial Assessment" is a new assessment result. What is a “Partial Assessment"?

A.

A ROC that has been completed after using an SAQ to determine which requirements should be tested, as per FAQ 1331.

B.

An interim result before the final ROC has been completed.

C.

A term used by payment brands and acquirers to describe entities that have multiple payment channels, with each channel having its own assessment.

D.

An assessment with at least one requirement marked as “Not Tested".

Full Access
Question # 20

Which of the following is an example of multi-factor authentication?

A.

A token that must be presented twice during the login process.

B.

A user passphrase and an application-level password.

C.

A user password and a PIN-activated smart card.

D.

A user fingerprint and a user thumbprint.

Full Access
Question # 21

An internal NTP server that provides time services to the Cardholder Data Environment is?

A.

Only in scope if it provides time services to database servers.

B.

Not in scope for PCI DSS.

C.

Only in scope if it stores, processes or transmits cardholder data.

D.

In scope for PCI DSS.

Full Access
Question # 22

Which systems must have anti-malware solutions?

A.

All CDE systems, connected systems, NSCs, and security-providing systems.

B.

All portable electronic storage.

C.

All systems that store PAN.

D.

Any in-scope system except for those identified as ‘not at risk’ from malware.

Full Access
Go to page: