Question 1

Which if the following is true, regarding the entity sharing cardholder data with a service provider?

Options :

A : The service provider may only store, process or transmit cardholder data that is encrypted; and is therefore out of scope of PCI DSS

B : The service provider must produce the quarterly ASV scan results, and a penetration test report, before the entity engages with the service provider

C : The entity must have an established process of engaging service provider, including proper due diligence prior to engagement

D : The service provider must be PCI-DSS compliant before the entity engages with the service provider

Answer: C

Question 2

External ASV scans are required to be performed:

Options :

A : Quarterly

B : Monthly

C : Annually

D : Every six months

Answer: A

Question 3

Assigning a unique ID to each person is intended to ensure:

Options :

A : Strong passwords are used for each user account

B : Shared accounts are only used by administrators

C : Individual users are accountable for their own actions

D : Access is assigned to group accounts based on need-to-know

Answer: C

Question 4

PCI-DSS Requirement 12.6 requires personnel to acknowledge at least _______ that they have read and understood the security policy and procedures?

Options :

A : Quarterly

B : Annually

C : Once during their employment

D : Every six months

Answer: B

Question 5

A service provider with no electronic cardholder data storage may be eligible to complete with SAQ?

Options :

A : SAQ C

B : SAQ D

C : SAQ A

D : SAQ B

Answer: B

Higher Test Marks with Free Online QSA_New Exam Practice

Buying Options: