A "Partial Assessment" is a new assessment result. What is a "Partial Assessment"?
A. A ROC that has been completed after using an SAQ to determine which requirements should be tested, as per FAQ 1331 (as long as the entity meets the SAQ's eligibility criteria).
B. An interim result before...
What should the assessor verify when testing that cardholder data is protected whenever it is sent over open public networks?
A. The security protocol is configured to accept all digital certificates
B. A proprietary security protocol is used
C. The security protocol accepts only trusted keys
D. The security protocol...
Which of the following is true regarding internal vulnerability scans?
A. They must be performed after a significant change
B. They must be performed by an Approved Scanning Vendor (ASV)
C. They must be performed by QSA personnel
D. They must be performed at least annually
Answer: A
Explanation: According...
An entity wants to use the Customized Approach. They are unsure how to complete the Controls Matrix or TRA. During the assessment, you spend time completing the Controls Matrix and the TRA, while also ensuring that the customized control is implemented securely. Which of the following statements is true?
A. ...
An entity accepts e-commerce payment card transactions and stores account data in a database. The database server and the web server are both accessible from the Internet. The database server and the web server are on separate physical servers. What is required for the entity to meet PCI DSS requirements?
A. ...
An LDAP server providing authentication services to the cardholder data environment is
A. in scope for PCI DSS.
B. not in scope for PCI DSS.
C. in scope only if it stores, processes or transmits cardholder data.
D. in scope only if it provides authentication services to systems in the...
Which statement is true regarding the use of intrusion detection techniques, such as intrusion detection systems and/or intrusion protection systems (IDS/IPS)?
A. Intrusion detection techniques are required on all system components
B. Intrusion detection techniques are required to alert personnel of suspected compromises
C. Intrusion detection techniques are required to...
What is the intent of classifying media that contains cardholder data?
A. Ensuring that media is properly protected according to the sensitivity of the data it contains
B. Ensuring that media containing cardholder data is moved from secured areas on a quarterly basis
C. Ensuring that media is clearly and...
In the ROC Reporting Template, which of the following is the best approach for a response where the requirement was "In Place"?
A. Details of the entity's project plan for implementing the requirement
B. Details of how the assessor observed the entity's systems were compliant with the requirement
C. ...
If disk encryption is used to protect account data, what requirement should be met for the disk encryption solution?
A. Access to the disk encryption must be managed independently of the operating system access control mechanisms
B. The disk encryption system must use the same user account authenticator as the...