
QSA_New_V4 Exam Dumps - Qualified Security Assessor V4 Exam

Question # 4

An entity wants to use the Customized Approach. They are unsure how to complete the Controls Matrix or TRA. During the assessment, you spend time completing the Controls Matrix and the TRA, while also ensuring that the customized control is implemented securely. Which of the following statements is true?

A.

You can assess the customized control, but another assessor must verify that you completed the TRA correctly.

B.

You can assess the customized control and verify that the customized approach was correctly followed, but you must document this in the ROC.

C.

You must document the work on the customized control in the ROC, but you can not assess the control or the documentation.

D.

Assessors are not allowed to assist an entity with the completion of the Controls Matrix or the TRA.

Question # 5

An entity accepts e-commerce payment card transactions and stores account data in a database. The database server and the web server are both accessible from the Internet. The database server and the web server are on separate physical servers. What is required for the entity to meet PCI DSS requirements?

A.

The web server and the database server should be installed on the same physical server.

B.

The database server should be relocated so that it is not accessible from untrusted networks.

C.

The web server should be moved into the internal network.

D.

The database server should be moved to a separate segment from the web server to allow for more concurrent connections.

Question # 6

Which of the following is true regarding compensating controls?

A.

A compensating control is not necessary if all other PCI DSS requirements are in place.

B.

A compensating control must address the risk associated with not adhering to the PCI DSS requirement.

C.

An existing PCI DSS requirement can be used as compensating control if it is already implemented.

D.

A compensating control worksheet is not required if the acquirer approves the compensating control.

Question # 7

What should the assessor verify when testing that cardholder data is protected whenever it is sent over open public networks?

A.

The security protocol is configured to accept all digital certificates.

B.

A proprietary security protocol is used.

C.

The security protocol accepts only trusted keys.

D.

The security protocol accepts connections from systems with lower encryption strength than required by the protocol.

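The checks behind this question (PCI DSS v4.0 Requirement 4.2.1: only trusted keys and certificates are accepted, the protocol supports only secure versions and configurations, and the encryption strength is appropriate) can be exercised against a client-side TLS configuration without any network access. The following is an added Python example, not material from the page or from PCI SSC; it audits an `ssl.SSLContext` using only the standard library. `MIN_SYMMETRIC_BITS` and the weak-suite name pattern are assumptions standing in for the entity's documented strength requirement, and both contexts are constructed in-process for the demonstration.

```python
"""Audit a client-side ssl.SSLContext for the three Requirement 4.2.1 points:
trusted certificates only, secure protocol versions only, adequate cipher strength.
Runs offline: the contexts below are built in-process and never connect anywhere."""
import re
import ssl

# Assumption: suites whose names reveal broken or anonymous algorithms are
# unacceptable regardless of key length (NULL/RC4/MD5/export/DES/3DES/anon DH).
WEAK_CIPHER_NAME = re.compile(r"(NULL|RC4|MD5|EXP|DES|ADH|AECDH)")
# Assumption: the entity's documented minimum symmetric key strength.
MIN_SYMMETRIC_BITS = 128


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return a list of findings; an empty list means all three checks pass."""
    findings = []
    # 1. Only trusted keys/certificates: the peer must present a certificate that
    #    chains to a trusted CA and matches the hostname. CERT_NONE or a disabled
    #    hostname check means any certificate is accepted (option A above).
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: untrusted certificates accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname disabled: certificate not bound to peer name")
    # 2. Secure versions only: SSLv3, TLS 1.0 and TLS 1.1 must not be negotiable.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum_version is {ctx.minimum_version.name}: below TLS 1.2")
    # 3. Encryption strength: every enabled suite must meet the documented minimum
    #    and not use a broken algorithm (option D's weaker-than-required case).
    for suite in ctx.get_ciphers():
        name, bits = suite["name"], suite["strength_bits"]
        if WEAK_CIPHER_NAME.search(name) or bits < MIN_SYMMETRIC_BITS:
            findings.append(f"weak cipher suite enabled: {name} ({bits} bits)")
    return findings


def hardened_client_context() -> ssl.SSLContext:
    """Context that passes the audit: CA-verified peer, TLS 1.2+, AEAD suites only."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # TLS 1.3 suites stay enabled too
    return ctx


def insecure_client_context() -> ssl.SSLContext:
    """Constructed 'accept anything' context of the kind an assessor should reject."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                   # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE              # accepts all certificates
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # allows obsolete versions
    try:
        ctx.set_ciphers("ALL:@SECLEVEL=0")       # re-enables low-strength suites
    except ssl.SSLError:
        pass  # some OpenSSL builds reject this string; the other checks still fire
    return ctx


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("insecure", insecure_client_context())):
        print(f"[{label}] findings: {audit_context(ctx) or 'none'}")
```

The same three checks apply to the server side of the connection, with the difference that `check_hostname` has no meaning there and `verify_mode` only matters if client certificates are in scope; for a real assessment, evidence is the live endpoint's negotiated parameters, not just the configuration file.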
Question # 8

Which statement about the Attestation of Compliance (AOC) is correct?

A.

There are different AOC templates for service providers and merchants.

B.

The AOC must be signed by both the merchant/service provider and by PCI SSC.

C.

The same AOC template is used for ROCs and SAQs.

D.

The AOC must be signed by either the merchant/service provider or the QSA/ISA.
