pci isa questions with complete solution

Document Content and Description Below

QSAs must retain work papers for a minimum of _______ years. It is a recommendation for ISAs to do the same. 3 According to PCI DSS requirement 1, Firewall and router rule sets need to be revi... ewed every _____ months. 6 At least ______________ and prior to the annual assessment the assessed entity: - Identifies all locations and flows of cardholder data to verify they are included in the CDE - Confirms the accuracy of their PCI DSS scope - Retains their scoping documentation for assessor reference annually scope includes ppl process, tech Evidence Retention It is recommended that the ISA secure and maintain digital and/or hard copies of case logs, audit results and work papers, notes, and any technical information that was created and/or obtained during the PCI Data Security Assessment for a minimum of ________ or as applicable to company data retention policies of three (3) years A (time) ______ process for identifying and securely deleting stored cardholder data that exceeds defined retention requirements. quarterly Do not store SAD after ____________ (even if encrypted). (track data / cvc / pin) authorization manual clear-text key-management procedures specify processes for the use of the following Split knowledge.Dual control Dual control least two people are required to perform any key-management operations and no one person has access to the authentication materials (for example, passwords or keys) of another Split knowledge key components are under the control of at least two people who only have knowledge of their own key components PAN is rendered unreadable in which ways hash mask encrypt pad Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within _____ of release. one month Installation of all applicable vendor-supplied security patches within an ___________________ appropriate time frame (for example, within three months) makes sure change control has these 4 things impack testing (PCI review) backout approval Train developers at least ________ in up-to-date secure coding techniques, including how to avoid common coding vulnerabilities, and understanding how sensitive data is handled in memory. annually [Show More]

Last updated: 2 years ago

Preview 1 out of 5 pages

Buy Now

Instant download

We Accept: