What would be an appropriate strength for the key-encrypting key (KEK) used to protect an AES 128-bit data-encrypting key (DEK)?
A. DES256
B. RSA512
C. AES 128
D. ROT 13
Answer: C
Explanation: The key-encrypting key (KEK) is used to protect the data-encrypting key (DEK) from unauthorized access or disclosure....

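The rule behind this question is that a KEK must be at least as strong as the DEK it protects, and that the wrapped DEK must be protected for integrity as well as confidentiality. The following is an added example, not part of the original page or any PCI SSC material: it implements the RFC 3394 AES Key Wrap algorithm with Go's standard crypto/aes package, refuses a KEK shorter than the DEK, and fails closed on unwrap when the integrity check value does not match. The function names WrapDEK and UnwrapDEK are assumptions made for this illustration; the key values in main are the published RFC 3394 section 4.1 test vector.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// rfc3394IV is the fixed 64-bit integrity check value from RFC 3394 section 2.2.3.1.
var rfc3394IV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}

// WrapDEK wraps dek under kek with the RFC 3394 AES Key Wrap algorithm.
// It first enforces the rule from the question: the KEK must be at least as
// strong as the DEK it protects. (Hypothetical helper written for this page.)
func WrapDEK(kek, dek []byte) ([]byte, error) {
	if len(kek) < len(dek) {
		return nil, fmt.Errorf("KEK of %d bits is weaker than the %d-bit DEK it would protect", len(kek)*8, len(dek)*8)
	}
	if len(dek) < 16 || len(dek)%8 != 0 {
		return nil, errors.New("DEK must be at least 128 bits and a multiple of 64 bits")
	}
	block, err := aes.NewCipher(kek) // only 128-, 192- or 256-bit KEKs are accepted
	if err != nil {
		return nil, err
	}
	n := len(dek) / 8
	a := append([]byte(nil), rfc3394IV...) // A = IV
	r := make([]byte, len(dek))           // R[1..n] kept as one contiguous buffer
	copy(r, dek)
	buf := make([]byte, 16)
	for j := 0; j < 6; j++ {
		for i := 0; i < n; i++ {
			copy(buf[:8], a)
			copy(buf[8:], r[i*8:(i+1)*8])
			block.Encrypt(buf, buf)  // B = AES(K, A | R[i])
			t := uint64(n*j + i + 1) // RFC counter t = (n*j)+i, with i 1-based
			binary.BigEndian.PutUint64(a, binary.BigEndian.Uint64(buf[:8])^t) // A = MSB64(B) ^ t
			copy(r[i*8:(i+1)*8], buf[8:])                                   // R[i] = LSB64(B)
		}
	}
	return append(a, r...), nil // output is A | R[1] | ... | R[n]
}

// UnwrapDEK inverts WrapDEK and returns an error when the integrity check
// value does not match, which is what happens with the wrong KEK or a
// modified blob. The comparison is constant-time.
func UnwrapDEK(kek, wrapped []byte) ([]byte, error) {
	if len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("wrapped key must be at least 192 bits and a multiple of 64 bits")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(wrapped)/8 - 1
	a := append([]byte(nil), wrapped[:8]...)
	r := append([]byte(nil), wrapped[8:]...)
	buf := make([]byte, 16)
	for j := 5; j >= 0; j-- {
		for i := n - 1; i >= 0; i-- {
			t := uint64(n*j + i + 1)
			binary.BigEndian.PutUint64(buf[:8], binary.BigEndian.Uint64(a)^t) // (A ^ t)
			copy(buf[8:], r[i*8:(i+1)*8])
			block.Decrypt(buf, buf) // B = AES^-1(K, (A ^ t) | R[i])
			copy(a, buf[:8])        // A = MSB64(B)
			copy(r[i*8:(i+1)*8], buf[8:])
		}
	}
	if subtle.ConstantTimeCompare(a, rfc3394IV) != 1 {
		return nil, errors.New("integrity check failed: wrong KEK or corrupted wrapped key")
	}
	return r, nil
}

func main() {
	// RFC 3394 section 4.1 test vector: 128-bit KEK wrapping 128 bits of key data.
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	dek, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")
	wrapped, err := WrapDEK(kek, dek)
	fmt.Printf("wrapped:   %X err=%v\n", wrapped, err)
	back, err := UnwrapDEK(kek, wrapped)
	fmt.Printf("unwrapped: %X err=%v\n", back, err)
	// The reverse of the question: a 128-bit KEK is refused for a 256-bit DEK.
	_, err = WrapDEK(kek, make([]byte, 32))
	fmt.Println("weak KEK:", err)
}
```

Note that the length check is a floor, not a ceiling: a 256-bit KEK protecting a 128-bit DEK is acceptable, and in practice the KEK is usually held in an HSM or a key-management service rather than on the same host as the wrapped DEK.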
Passwords for default accounts and default administrative accounts should be?
A. Changed within 30 days after installing a system on the network.
B. Reset to the default password before installing a system on the network.
C. Changed before installing a system on the network.
D. Configured to expire in 30...

According to the glossary, bespoke and custom software describes which type of software?
A. Any software developed by a third party.
B. Any software developed by a third party that can be customized by an entity.
C. Software developed by an entity for the entity's own use.
D. Virtual payment...

A "Partial Assessment" is a new assessment result. What is a "Partial Assessment"?
A. A ROC that has been completed after using an SAQ to determine which requirements should be tested, as per FAQ 1331 (as long as the entity meets the SAQ's eligibility criteria).
B. An interim result before...

What should the assessor verify when testing that cardholder data is protected whenever it is sent over open, public networks?
A. The security protocol is configured to accept all digital certificates.
B. A proprietary security protocol is used.
C. The security protocol accepts only trusted keys.
D. The security protocol...

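The difference between options A and C is whether the client validates the server's certificate chain at all. The following is an added example, not from the original page or from any PCI SSC material: it starts a loopback HTTPS server with a self-signed certificate (standing in for an endpoint reached over an open, public network) and connects to it with three client TLS configurations, one that accepts any certificate, one that uses the system trust store, and one that accepts only a certificate chaining to an explicitly trusted root. The function names StartServer, Fetch, AcceptAnyCertConfig, SystemRootsConfig and TrustedOnlyConfig are assumptions made for this illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// StartServer runs a loopback HTTPS server using httptest's self-signed
// certificate. It stands in for a remote endpoint whose certificate is not
// issued by any root the client already trusts. (Helper written for this page.)
func StartServer() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, "ok")
	}))
}

// Fetch performs one HTTPS GET with the given client TLS configuration and
// returns the handshake or request error, if any. The Transport is built by
// hand so no proxy settings from the environment are picked up.
func Fetch(url string, cfg *tls.Config) error {
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	resp.Body.Close()
	return nil
}

// AcceptAnyCertConfig is the weak setting from option A: chain validation is
// switched off, so any server, including a man-in-the-middle, is accepted.
func AcceptAnyCertConfig() *tls.Config {
	return &tls.Config{InsecureSkipVerify: true}
}

// SystemRootsConfig validates against the platform trust store, which is
// Go's default when RootCAs is nil. A self-signed server certificate fails.
func SystemRootsConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12}
}

// TrustedOnlyConfig accepts only certificates chaining to the one root the
// operator has explicitly trusted, which is what option C describes.
func TrustedOnlyConfig(trusted *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(trusted)
	return &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
}

func main() {
	srv := StartServer()
	defer srv.Close()
	fmt.Println("accept any cert:", Fetch(srv.URL, AcceptAnyCertConfig()))                     // nil: untrusted cert accepted
	fmt.Println("system roots:   ", Fetch(srv.URL, SystemRootsConfig()))                       // error: unknown authority
	fmt.Println("trusted only:   ", Fetch(srv.URL, TrustedOnlyConfig(srv.Certificate())))      // nil: chains to trusted root
}
```

When reviewing client code, an assessor looks for the equivalent of InsecureSkipVerify (or a custom VerifyPeerCertificate callback that always returns nil) and for a minimum protocol version that excludes SSL and early TLS.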
Which of the following is true regarding internal vulnerability scans?
A. They must be performed after a significant change.
B. They must be performed by an Approved Scanning Vendor (ASV).
C. They must be performed by QSA personnel.
D. They must be performed at least annually.
Answer: A
Explanation: According...

An entity wants to use the Customized Approach. They are unsure how to complete the Controls Matrix or TRA. During the assessment, you spend time completing the Controls Matrix and the TRA, while also ensuring that the customized control is implemented securely. Which of the following statements is true?
A....

An entity accepts e-commerce payment card transactions and stores account data in a database. The database server and the web server are both accessible from the Internet. The database server and the web server are on separate physical servers. What is required for the entity to meet PCI DSS requirements?
A...

An LDAP server providing authentication services to the cardholder data environment is
A. in scope for PCI DSS.
B. not in scope for PCI DSS.
C. in scope only if it stores, processes, or transmits cardholder data.
D. in scope only if it provides authentication services to systems in the...

Which statement is true regarding the use of intrusion detection techniques, such as intrusion detection systems and/or intrusion prevention systems (IDS/IPS)?
A. Intrusion detection techniques are required on all system components.
B. Intrusion detection techniques are required to alert personnel of suspected compromises.
C. Intrusion detection techniques are required to...
