Question 1

During itnernal scanning there are low risk vulnerabilities identify, what is the best course of action?

Options :

A : Should not be addressed

B : Address them based on the risk defined in the targeted risk analysis

C : Patch them within 30 days

D : Resolve them within 3 months

Answer: B

Question 2

Which function is associated with acquirers?

Options :

A : Prepares the cardholder-s statement and completes reconciliation to the issuer

B : Provide authorization, clearing and settlement services to an issuer

C : Prepares the cardholder-s statements and completes reconciliation to the merchant

D : Provide authorization, clearing and settlement services to a merchant

Answer: D

Question 3

Assigning a unique ID to each person is intended to ensure:

Options :

A : Strong passwords are used for each user account

B : Shared accounts are only used by administrators

C : Individual users are accountable for their own actions

D : Access is assigned to group accounts based on need-to-know

Answer: C

Question 4

Which of the following can be sampled for testing during a PCI DSS assessment?

Options :

A : PCI DSS requirements and testing procedures

B : Compensating controls

C : Business facilities and system components

D : Security policies and procedures

Answer: C

Question 5

Which if the following is true, regarding the entity sharing cardholder data with a service provider?

Options :

A : The service provider may only store, process or transmit cardholder data that is encrypted; and is therefore out of scope of PCI DSS

B : The service provider must produce the quarterly ASV scan results, and a penetration test report, before the entity engages with the service provider

C : The entity must have an established process of engaging service provider, including proper due diligence prior to engagement

D : The service provider must be PCI-DSS compliant before the entity engages with the service provider

Answer: C

Higher Test Marks with Free Online QSA_New Exam Practice

Buying Options: