Question 1

After the 31 of the March 2025, how frequent must you review the system and application account privileges?

Options :

A : At every quarter.

B : There are no requirements for system accounts, so they should never.

C : Biannually

D : Periodically. The frequency is defined in the TRA (targeted risk analysis) of the entity-s .

Answer: D

Question 2

When should penetration testing be performed?

Options :

A : At least quarterly, and after any change to user access or file access permission

B : At least annually, and after any change to user access permission

C : At least quarterly, and after any significant changes to the network

D : At least annually, and after any significant changes to infrastructure or applications

Answer: D

Question 3

PCI-DSS Requirements 5 stats that antivirus software must be:

Options :

A : Installed on systems even those not commonly affected by malware

B : Updates at least annually

C : Installed on systems commonly affected by the malware

D : Configured to allow users to disable it as desired

Answer: C

Question 4

During itnernal scanning there are low risk vulnerabilities identify, what is the best course of action?

Options :

A : Should not be addressed

B : Address them based on the risk defined in the targeted risk analysis

C : Patch them within 30 days

D : Resolve them within 3 months

Answer: B

Question 5

Assigning a unique ID to each person is intended to ensure:

Options :

A : Strong passwords are used for each user account

B : Shared accounts are only used by administrators

C : Individual users are accountable for their own actions

D : Access is assigned to group accounts based on need-to-know

Answer: C

Higher Test Marks with Free Online QSA_New Exam Practice