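The PCI PCIP3.0 exam preparation comes with a pass guarantee. The updated set contains 90 questions.
Certified sample questions from the latest pass-guaranteed PCIP3.0 exam question set
Question 24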
For initial PCI DSS compliance, it's not required that four quarters of passing scans must be completed if the assessor verifies that 1) the most recent scan result was a passing scan, 2) the entity has documented policies and procedures requiring quarterly scanning, and 3) vulnerabilities noted in the scan results have been corrected as shown in a re-scan(s).
- A. False
- B. True
Correct answer: B
Question 25
Merchants with segmented payment application systems connected to the Internet, no electronic cardholder data storage, may be eligible to use what SAQ?
- A. SAQ A
- B. SAQ B
- C. SAQ D
- D. SAQ C-VT
- E. SAQ C
Correct answer: E
Question 26
Requirement 2.2.2 and 2.2.3 cover the use of secure services, protocols, and daemons as required for the function of a system. Which of the following is considered secure?
- A. Rlogin
- B. Telnet
- C. FTP
- D. SSH
Correct answer: D
Question 27
When masking the PAN, what is the maximum number of digits allowed to be displayed?
- A. The display of PAN digits is prohibited
- B. The first four and the last four
- C. The first four and the last six
- D. The first six and the last four
Correct answer: D
Question 28
In the event of a violation of the PCIP Qualification Requirements, disciplinary actions for PCIPs could include:
- A. Verbal warning, suspension, monthly fines
- B. Written warning, suspension, revocation
- C. Verbal warning, one-off fine, revocation
- D. Written warning, remediation, monthly fines
Correct answer: B
Question 29
Maintain a policy that addresses information security for all personnel is the ________
- A. Requirement 12
- B. Requirement 9
- C. Requirement 10
- D. Requirement 11
Correct answer: A
Question 30
Please select all possible disciplinary actions that may be applicable in case of violation of the PCI Code of Professional Responsibility
- A. Warning
- B. Revocation
- C. Fee
- D. Suspension
Correct answer: A,B,D
Question 31
What are best practices for implementing PCI DSS into Business-as-Usual (BAU) Processes? (Select ALL that apply)
- A. Building security into business-as-usual helps organizations to maintain their PCI DSS compliant environment in between PCI DSS assessments
- B. Focus on security, not on compliance
- C. Don't forget about people
- D. PCI DSS is not a once-a-year activity
Correct answer: A,B,C,D
Question 32
PCI DSS Requirement 1 covers:
- A. Masking of PAN wherever it is displayed
- B. Installation of anti-virus software
- C. Implementation of firewalls between the CDE and untrusted networks
- D. Secure development of DMZ applications and systems
Correct answer: C
Question 33
Merchants using only web-based virtual payment terminals, no electronic cardholder data storage, may be eligible to use what SAQ?
- A. SAQ A
- B. SAQ C
- C. SAQ B
- D. SAQ D
- E. SAQ C-VT
Correct answer: E
Question 34
PCI DSS Requirement 3.4 states that PAN must be rendered unreadable when stored. Which of the following may be used to meet this requirement?
- A. Hashing the entire PAN using strong cryptography
- B. Hiding the column containing PAN data in the database
- C. Encryption of the first six and last four numbers of the PAN
- D. Masking the entire PAN using industry standards
Correct answer: A
Question 35
Passwords/passphrases should not be allowed if they are the same as any of the last ____ used passwords/passphrases. (Requirement 8.2.5)
- A. 0
- B. 1
- C. 2
- D. 3
Correct answer: B
Question 36
In order to be considered a compensating control, which of the following must exist:
- A. A legitimate technical constraint or a documented business constraint
- B. A documented business constraint
- C. A legitimate technical constraint and a documented business constraint
- D. A legitimate technical constraint
Correct answer: A
Question 37
What is Appendix A of PCI DSS 3.0?
- A. Compensating Controls
- B. Segmentation and Sampling of Business Facilities/System Components
- C. Cloud Computing Guidelines
- D. Additional PCI DSS Requirements for Shared Hosting Providers
Correct answer: D
Question 38
Who can perform quarterly external vulnerability scans meeting requirement 11.2.2?
- A. IT Security personnel
- B. Approved Scanning Vendor (ASV) approved by PCI SSC
- C. Qualified personnel
- D. Any employee
Correct answer: B
Question 39
Which statement is true regarding sensitive authentication data?
- A. Encrypting sensitive authentication data removes it from PCI DSS scope
- B. Sensitive authentication data includes PAN and service code
- C. Sensitive authentication data exists in the magnetic stripe or chip, and is also printed on the payment card
- D. Sensitive data is required for recurring transactions
Correct answer: C
Question 40
Internal and external penetration tests should be performed _______ to meet requirements 11.3.1 and 11.3.2
- A. Yearly
- B. Monthly
- C. Every 60 days
- D. Quarterly
Correct answer: A
Question 41
Internal and external vulnerability scans should run at minimum on every __________ to meet requirement 11.2
- A. 60 days
- B. 90 days
- C. 30 days
- D. 180 days
Correct answer: B
Question 42
PCI compliance does not apply to virtualized environments
- A. False
- B. True
Correct answer: A
Question 43
Which of the following lists the correct "order" for the flow of a payment card transaction?
- A. Authorization, Clearing, Settlement
- B. Authorization, Settlement, Clearing
- C. Clearing, Authorization, Settlement
- D. Clearing, Settlement, Authorization
Correct answer: A
Question 44
Which of the following entities will ultimately approve a purchase?
- A. Payment Transaction Gateway
- B. Issuing Bank
- C. Acquiring Bank
- D. Merchant
Correct answer: B
Question 45
Entities involved in payment card processing via mobile devices (like a phone or tablet) can reduce the risks to the security of cardholder data by:
- A. Encrypting account data within the mobile device using an approved encryption application
- B. Encrypting account data at the point of capture using an approved point of interaction device
- C. Storing account data within the mobile device
- D. Inputting account data directly into the mobile device
Correct answer: B
Question 46
The Information Supplements: (Select ALL that apply)
- A. Do not replace or supersede any PCI standard
- B. May be used as compensating control replacing one of the requirements
- C. Include recommendations and best practices
- D. Provide additional guidance on specific technologies
Correct answer: A,C,D
Question 47
......
The latest PCIP3.0 test materials include a valid PCIP3.0 test engine: https://www.jpntest.com/shiken/PCIP3.0-mondaishu