Question 1

When is required to implement an automated technical solution to protect public facing web apps?

Options :

A : From 31st of March 2025.

B : Immediately, it was required since PCI-DSS v3.2.1.

C : After a vulnerability is identified.

D : When PCI DSS v3.2.1 is retired

Answer: A

Question 2

Which of the following types of events is required to be logged?

Options :

A : All use of end-user messaging technologies

B : All access to external websites

C : All access to all audit trails

D : All network transmissions

Answer: C

Question 3

Which of the following can be sampled for testing during a PCI DSS assessment?

Options :

A : PCI DSS requirements and testing procedures

B : Compensating controls

C : Business facilities and system components

D : Security policies and procedures

Answer: C

Question 4

What is true regarding the use of compensating controls?

Options :

A : Compensating controls do not need to be documented

B : Controls must be in place to ensure compensating controls remain effective after they've been assessed

C : Compensating controls increase the risk to the organizations

D : Compensating controls cannot be changed once they've been implemented

Answer: B

Question 5

Which if the following is true, regarding the entity sharing cardholder data with a service provider?

Options :

A : The service provider may only store, process or transmit cardholder data that is encrypted; and is therefore out of scope of PCI DSS

B : The service provider must produce the quarterly ASV scan results, and a penetration test report, before the entity engages with the service provider

C : The entity must have an established process of engaging service provider, including proper due diligence prior to engagement

D : The service provider must be PCI-DSS compliant before the entity engages with the service provider

Answer: C

Higher Test Marks with Free Online QSA_New Exam Practice

Buying Options: