Which of the following is true regarding compensating controls?

Which of the following is true regarding compensating controls?
A. A compensating control is not necessary if all other PCI DSS requirements are in place.
B. A compensating control must address the risk associated with not adhering to the PCI DSS requirement.
C. An existing PCI DSS requirement can be...

May 4, 2025

Which of the following is true regarding internal vulnerability scans?

Which of the following is true regarding internal vulnerability scans?
A. They must be performed after a significant change.
B. They must be performed by an Approved Scanning Vendor (ASV).
C. They must be performed by QSA personnel.
D. They must be performed at least annually.
View Answer
Answer: A
Explanation: Comprehensive...

May 1, 2025

Which of the following statements is true whenever a cryptographic key is retired and replaced with a new key?

Which of the following statements is true whenever a cryptographic key is retired and replaced with a new key?
A. The retired key must not be used for encryption operations.
B. Cryptographic key components from the retired key must be retained for 3 months before disposal.
C. A new key custodian...

April 20, 2025

Where an entity under assessment is using the customized approach, which of the following steps is the responsibility of the assessor?

Where an entity under assessment is using the customized approach, which of the following steps is the responsibility of the assessor?
A. Monitor the control.
B. Derive testing procedures and document them in Appendix E of the ROC.
C. Document and maintain evidence about each customized control as defined in...

April 9, 2025

Security policies and operational procedures should be?

Security policies and operational procedures should be?
A. Encrypted with strong cryptography.
B. Stored securely so that only management has access.
C. Reviewed and updated at least quarterly.
D. Distributed to and understood by all affected parties.
View Answer
Answer: D
Explanation: Requirement Context: PCI DSS Requirement 12.5 mandates that security policies...

April 6, 2025

Which of the following statements is true whenever a cryptographic key is retired and replaced with a new key?

Which of the following statements is true whenever a cryptographic key is retired and replaced with a new key?
A. The retired key must not be used for encryption operations.
B. Cryptographic key components from the retired key must be retained for 3 months before disposal.
C. A new key custodian...

April 5, 2025

Which statement is true regarding the PCI DSS Report on Compliance (ROC)?

Which statement is true regarding the PCI DSS Report on Compliance (ROC)?
A. The ROC Reporting Template and instructions provided by PCI SSC should be used for all ROCs.
B. The assessor may use either their own template or the ROC Reporting Template provided by PCI SSC.
C. The assessor...

March 29, 2025

Which of the following statements is true?

An entity wants to use the Customized Approach. They are unsure how to complete the Controls Matrix or TRA. During the assessment, you spend time completing the Controls Matrix and the TRA, while also ensuring that the customized control is implemented securely. Which of the following statements is true?
A. ...

February 14, 2025

Which of the following is true regarding internal vulnerability scans?

Which of the following is true regarding internal vulnerability scans?
A. They must be performed after a significant change.
B. They must be performed by an Approved Scanning Vendor (ASV).
C. They must be performed by QSA personnel.
D. They must be performed at least annually.
View Answer
Answer: A
Explanation: Comprehensive...

January 30, 2025

In the ROC Reporting Template, which of the following is the best approach for a response where the requirement was "In Place"?

In the ROC Reporting Template, which of the following is the best approach for a response where the requirement was "In Place"?
A. Details of the entity's project plan for implementing the requirement.
B. Details of how the assessor observed the entity's systems were compliant with the requirement.
C. Details...

January 28, 2025