Which statement about PAN is true?
A. It must be protected with strong cryptography for transmission over private wireless networks
B. It must be protected with strong cryptography for transmission over private wired networks
C. It does not require protection for transmission over public wireless networks
D. It does not...
How often must critical file comparisons be performed?
An organization has implemented a change-detection mechanism on their systems. How often must critical file comparisons be performed?
A. At least weekly
B. Periodically as defined by the entity
C. Only after a valid change is installed
D. At least monthly
Answer: A
Explanation: PCI DSS Requirement 11.5 states that...
Which of the following file types must be monitored by a change-detection mechanism (for example, a file-integrity monitoring tool)?
A. Application vendor manuals
B. Files that regularly change
C. Security policy and procedure documents
D. System configuration and parameter files
Answer: D
Explanation: According to the PCI DSS v3.2.1 Quick...
According to requirement 1, what is the purpose of "Network Security Controls"?
A. Manage anti-malware throughout the CDE.
B. Control network traffic between two or more logical or physical network segments.
C. Discover vulnerabilities and rank them
D. Encrypt PAN when stored
Answer: B
Explanation: According to requirement 1, network...
What must be included in an organization’s procedures for managing visitors?
A. Visitors are escorted at all times within areas where cardholder data is processed or maintained
B. Visitor badges are identical to badges used by onsite personnel
C. Visitor log includes visitor name, address, and contact phone number
D. ...
Which of the following statements is true whenever a cryptographic key is retired and replaced with a new key?
A. The retired key must not be used for encryption operations
B. Cryptographic key components from the retired key must be retained for 3 months before disposal
C. A new key...
Which of the following is an example of multi-factor authentication?
A. A token that must be presented twice during the login process
B. A user passphrase and an application level password.
C. A user password and a PIN-activated smart card
D. A user fingerprint and a user thumbprint
Answer: C...