最新の2022年02月試験PCIP3.0問題集で合格させる認証試験合格させます
最新でリアルなPCI PCIP3.0試験問題集解答があります
質問 52
Risk assessments must be implemented in order to meet requirement 12.2. Please select all risk assessments methodologies that can be used in order to meet this requirement.
- A. OCTAVE
- B. NIST SP 800-53
- C. NIST SP 800-30
- D. ISO 27005
正解: A,C,D
質問 53
Users passwords/passphrases should be changed on a minimal of what interval to meet Requirement
8 .2.4?
- A. 180 days
- B. 90 days
- C. 60 days
- D. 30 days
正解: B
質問 54
SELECT ALL THAT APPLY
Select all audit trails that must be recorded for all system components according to requirement 10.3
- A. User identification
- B. Date and time
- C. Type of event
- D. Origination of event
- E. Success or failure identification
- F. Identity or name of affected data, system component, or resource
正解: A,B,C,D,E,F
質問 55
Maintain a policy that addresses information security for all personnel is the ________
- A. Requirement 11
- B. Requirement 9
- C. Requirement 10
- D. Requirement 12
正解: D
質問 56
Which of the below functions is associated with Acquirers?
- A. Provide authorization services to a merchant
- B. Provide clearing services to a merchant
- C. All of the options
- D. Provide settlement services to a merchant
正解: C
質問 57
Encrypt transmission of cardholder data across open, public networks is the ______
- A. Requirement 5
- B. Requirement 1
- C. Requirement 2
- D. Requirement 4
正解: D
質問 58
It's NOT required that all four quarters of passing scan in order to meet requirement 11.2
- A. True
- B. False
正解: B
質問 59
The Information Supplements: (Select ALL that apply)
- A. Do not replace or supersede any PCI standard
- B. Include recommendations and best practices
- C. May be used as compensating control replacing one of the requirements
- D. Provide additional guidance on specific technologies
正解: A,B,D
質問 60
As defined by PCI DSS Requirement 7, access to cardholder data should be restricted based on which principle?
- A. No access to cardholder data should be permitted
- B. Business need to know
- C. Maximum priviledge
- D. Number of personnel in the organization
正解: B
質問 61
The use of two-factor authentication is NOT a requirement on PCI DSS v3 for remote network access originating from outside the network by personnel and all third parties.
- A. True
- B. False
正解: B
質問 62
The lockout of an user ID should be set until an administrator re-enables the user or to a minimum of
- A. 60 minutes
- B. 30 minutes
- C. 15 minutes
- D. 10 minutes
正解: B
質問 63
If an e-commerce service provider was deemed eligible to complete an SAQ, which SAQ would they use?
- A. SAQ C
- B. SAQ A
- C. SAQ B
- D. SAQ D
正解: D
質問 64
According to Requirement 10.4 the use of Time synchronization like NTP should be implemented on all critical systems for acquiring, distributing, and storing time.
- A. True
- B. False
正解: A
質問 65
An user should be required to re-authenticate to activate the terminal or session if it's been idle for more than
- A. 60 minutes
- B. 30 minutes
- C. 15 minutes
- D. 10 minutes
正解: C
質問 66
PCI DSS Requirement 5 states that anti-virus software must be:
- A. Configured to allow users to disable it as desired
- B. Installed on all systems, even those not commonly affected by malware
- C. Installed on all systems commonly affected by malware
- D. Updated at least annually
正解: C
質問 67
Existing PCI DSS requirements may be combined with new controls to become a compensating control.
- A. True
- B. False
正解: A
質問 68
Protect all systems against malware and regularly updated anti-virus software or programs is the
____________
- A. Requirement 4
- B. Requirement 5
- C. Requirement 6
- D. Requirement 7
正解: B
質問 69
What is the Appendix B on PCI DSS 3.0?
- A. Segmentation and Sampling of Business Facilities/System Components
- B. Additional PCI DSS Requirements for Shared Hosting Providers
- C. Compensating Controls
- D. Compensating Controls Worksheet
正解: C
質問 70
Which statement is true regarding sensitive authentication data?
- A. Sensitive authentication exists in the magnetic strip or chip, and is also printed on the payment card
- B. Sensitive data is required for recurring transactions
- C. Encrypt sensitive authentication data removes it from PC DSS scope
- D. Sensitive authentication data includes PAN and service code
正解: A
質問 71
PCIPs are required to adhere to the Code of Professional Responsibility, which includes:
- A. Sharing confidential information with other PCIPs
- B. Performing subjective evaluation of ethical violations
- C. Perform PCI DSS compliance assessments
- D. Comply with industry laws and standards
正解: D
質問 72
SELECT ALL THAT APPLY
To be compliant with requirement 9.9 an updated list of all card-reading devices used in card-present transactions at the point of sale must be kept by June 30 2015 including the following:
- A. Make, model of device
- B. Location of device
- C. Device serial number or other unique identification
- D. Proof of purchase
正解: A,B,C
質問 73
......
PCIP3.0問題集を使って一日でPCI Certification試験最速合格:https://www.jpntest.com/shiken/PCIP3.0-mondaishu