PCIP EXAM 2023-2024 ACTUAL EXAM 300 QUESTIONS AND
CORRECT DETAILED ANSWERS WITH RATIONALES
When planning for an assessment, what 4 activities should be included
during planning? - ANSWER- *List the people to be interviewed, the system
components in use, the documentation to review (training records, payment
logs) and the facilities to inspect (physical security)
*Ensure the assessor is familiar with the technologies in the assessment
*If sampling, verify that the sample selection and size are representative
of the entire population
*Identify the roles, and the individuals within each role, to be interviewed
as part of the assessment
What pre-assessment activities should an assessor consider when
preparing for an assessment? - ANSWER- *Ensure assessor(s) has
competent knowledge of the technologies being assessed
*Identify types of system components and locations of facilities to be
reviewed
*Consider size and complexity of the environment to be assessed.
When does authorization occur - ANSWER- At time of purchase
When does clearing occur - ANSWER- usually within one day
When does settlement occur - ANSWER- Usually within 2 days
Where does an assessor document their sampling methodology? -
ANSWER- Report on Compliance (ROC)
Manual clear-text key-management procedures specify processes for the
use of the following - ANSWER- Split knowledge & Dual Control
What is dual control? - ANSWER- At least two people are required to
perform any key-management operation, and no one person has access
to the authentication materials (for example, passwords or keys) of
another.
What is split knowledge? - ANSWER- Key components are under the
control of at least 2 people who only have knowledge of their own key
components.
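The two definitions above describe a policy; the following added example (not part of the original study guide) shows the mechanism they are usually built on: a key is held as full-length XOR components, one per custodian, so that any proper subset of components is uniformly random and reveals nothing about the key (split knowledge), and the loading routine refuses to form the key unless every required custodian has entered a component (dual control). The key length, custodian names and the `ceremony_allowed` / `key_loading_ceremony` helpers are assumptions for illustration; a real HSM or PIN-pad ceremony would also compute a key check value and log each custodian's participation.

```python
import secrets

KEY_LEN = 16  # constructed example: a 128-bit key


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("components must be the same length as the key")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n_custodians: int) -> list:
    """Split an existing key into n full-length components whose XOR is the key.

    The first n-1 components are fresh random values; the last one is chosen so
    that all of them XOR back to the key. Any proper subset is uniformly random
    and independent of the key, which is what distinguishes split knowledge
    from merely handing each custodian a slice of the key bytes. Note that an
    XOR scheme needs every component; an m-of-n threshold would need Shamir
    secret sharing, which is not shown here.
    """
    if n_custodians < 2:
        raise ValueError("split knowledge requires at least two custodians")
    components = [secrets.token_bytes(len(key)) for _ in range(n_custodians - 1)]
    last = key
    for c in components:
        last = xor_bytes(last, c)
    components.append(last)
    return components


def combine_components(components: list) -> bytes:
    """Recombine components into the key (XOR of all of them)."""
    if not components:
        raise ValueError("no components supplied")
    key = bytes(len(components[0]))
    for c in components:
        key = xor_bytes(key, c)
    return key


def ceremony_allowed(entries: dict, required: int) -> bool:
    """Dual control check: `entries` maps custodian id -> that custodian's
    component, so its length is the number of distinct custodians present."""
    return len(entries) >= required


def key_loading_ceremony(entries: dict, required: int) -> bytes:
    """Form the key only if enough distinct custodians have entered components."""
    if not ceremony_allowed(entries, required):
        raise PermissionError(
            f"dual control violated: {len(entries)} custodian(s) present, "
            f"{required} required")
    return combine_components(list(entries.values()))


if __name__ == "__main__":
    key = secrets.token_bytes(KEY_LEN)
    comps = split_key(key, 3)  # hypothetical custodians: alice, bob, carol
    # One custodian alone is refused; all three together reconstruct the key.
    print("alone allowed:", ceremony_allowed({"alice": comps[0]}, 3))
    loaded = key_loading_ceremony(
        {"alice": comps[0], "bob": comps[1], "carol": comps[2]}, 3)
    print("reconstructed matches:", loaded == key)
    # Two custodians colluding still see only random bytes, not the key.
    print("two-of-three equals key:", combine_components(comps[:2]) == key)
```

Each custodian should see only their own component (for example on a separate tamper-evident envelope or key-entry prompt), and `combine_components` should run inside the cryptographic device rather than on a general-purpose host.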
True or False: Encryption key management is an optional PA-DSS
requirement to be used only if the customer requests encryption
requirements above and beyond PCI. - ANSWER- False. Encryption key
management is mandatory wherever keys are used.
When should keys be retired or replaced? - ANSWER- When keys are
deemed weakened, are no longer needed, are suspected or known to be
compromised, or a key custodian leaves the company.
Archived cryptographic keys are only used for what purpose? -
ANSWER- decryption/verification purposes.
What is masking? - ANSWER- applies to the display of information; the
full data still exists and can be accessed behind the scenes.
What is truncation? - ANSWER- applies to storage and implies the
permanent and irrecoverable transformation of the original data.
What is hashing? - ANSWER- applies to storage; a cryptographic method
takes a block of data (the PAN) and passes it through a one-way function
to produce a fixed-length digest. The digest cannot be reversed to recover
the original data, and because the hash itself uses no key it avoids the
burden of managing and protecting keys. Caveat: the space of possible
PANs is small enough to enumerate, so an unkeyed hash can be brute-forced,
which is why PCI DSS v4.0 requires keyed cryptographic hashes (Requirement
3.5.1.1) and why hashed and truncated versions of the same PAN must not be
correlatable.
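The three techniques, plus the correlation risk, are easiest to see in code. The following is an added example written for this page, not code from the study guide or from the PCI SSC: it masks and truncates a constructed Luhn-valid test PAN, then shows that a truncated PAN and an unkeyed SHA-256 of the same PAN together let an attacker enumerate the missing middle digits and recover the full PAN, whereas an HMAC with a secret key cannot be enumerated without that key. The 16-digit PAN length, the first-6/last-4 truncation format and the helper names are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Optional


def luhn_valid(pan: str) -> bool:
    """Luhn check digit; every PAN carries one, which shrinks the search space 10x."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ord(ch) - 48
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Masking: display only. The full PAN still exists behind the mask."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def truncate_pan(pan: str) -> str:
    """Truncation: what gets stored. The middle digits are discarded for good."""
    return pan[:6] + pan[-4:]


def hash_pan_unkeyed(pan: str) -> str:
    """Plain one-way hash. No key to manage, but brute-forceable (see correlate)."""
    return hashlib.sha256(pan.encode()).hexdigest()


def hash_pan_keyed(pan: str, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256). Without the key there is nothing to enumerate."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def correlate(truncated: str, digest: str,
              hash_fn: Callable[[str], str]) -> Optional[str]:
    """Attacker's view: given a truncated PAN and a hash of the same PAN,
    enumerate the six missing middle digits (assumes 16-digit PANs) and hash
    only Luhn-valid candidates until one matches. Returns the recovered PAN
    or None."""
    first6, last4 = truncated[:6], truncated[6:]
    missing = 16 - 10
    for n in range(10 ** missing):
        candidate = first6 + f"{n:0{missing}d}" + last4
        if luhn_valid(candidate) and hash_fn(candidate) == digest:
            return candidate
    return None


if __name__ == "__main__":
    PAN = "4111111111111111"  # constructed test PAN (Luhn-valid), not a real card
    print("masked:   ", mask_pan(PAN))
    print("truncated:", truncate_pan(PAN))
    # Truncated PAN + unkeyed hash of the same PAN => full PAN recovered.
    recovered = correlate(truncate_pan(PAN), hash_pan_unkeyed(PAN), hash_pan_unkeyed)
    print("recovered from unkeyed hash:", recovered == PAN)
    # With a keyed hash the attacker lacks the key and cannot build hash_fn at all.
    key = secrets.token_bytes(32)
    print("keyed digest:", hash_pan_keyed(PAN, key)[:16], "...")
```

The enumeration above finishes in well under a second on ordinary hardware, which is the whole point: an unkeyed hash of a PAN is only as secret as the digits that surround it. Keep the HMAC key under the same key-management controls as an encryption key, and never store a hashed PAN alongside a truncated copy of the same PAN unless the hash is keyed.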
How often should unnecessary stored data be purged? - ANSWER- at
least quarterly
A user is locked out after _____ wrong attempts - ANSWER- 6
If a session has been idle for _____ minutes, a user must re-authenticate
to re-activate the terminal or session - ANSWER- 15 mins
Once a user account is locked out, it remains locked out for a minimum
of _____ or _____ - ANSWER- 30 mins or until a system administrator
resets the account.
Reviewing public-facing web applications via manual or automated
application vulnerability security assessment tools or methods, at least
____ and after ____ - ANSWER- annually and after any change; alternatively,
an automated technical solution (such as a web application firewall) that
continually detects and prevents web-based attacks may be installed in
front of the application instead.
What are "shared services"? - ANSWER- common system components
that provide services to many system components across an organization
such as domain name service and network time protocol
What is NTP and is it in scope? - ANSWER- Network Time Protocol sets all
system clocks to the same time. Yes, it is in scope: the NTP server is
connected to the cardholder data environment to provide time and date.
Active Directory, NTP, DNS, Patches, and SMTP are examples of ____
- ANSWER- Shared Services that are in scope for PCI
Verify that storage location security is reviewed at least _____ to
confirm that backup media storage is secure - ANSWER- annually
Review media inventory logs to verify that logs are maintained and
media inventories are performed at least - ANSWER- annually
Data (media) from video cameras and access controls to sensitive areas is
stored for at least ______ - ANSWER- 3 months (unless otherwise restricted
by law)
Software should be configured to perform critical file comparisons at
least - ANSWER- weekly