Latest 2023 PCIP3.0 Question Set Review: Professional Quiz Study Material [Q54-Q77]


PCIP3.0 test preparation training: practice exam questions and practice test


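The PCIP3.0 exam covers six areas of PCI DSS: building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy. The exam consists of 80 multiple-choice questions, which candidates must complete within 90 minutes. A score of 60% or higher is required to pass. Successful candidates receive a PCIP certification, valid for three years, that demonstrates their expertise in PCI DSS.


The PCI PCIP3.0 (Payment Card Industry Professional) exam is an industry-recognized certification program that provides a comprehensive understanding of the payment card industry and its security standards. The exam is designed for people responsible for maintaining and implementing payment card security in their organizations. It is an essential certification for people who work in the payment card industry and for businesses that handle payment card data.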

 

Question # 54
Internal and external penetration tests should be performed _______________ to meet Requirements 11.3.1 and 11.3.2

  • A. Quarterly
  • B. Every 60 days
  • C. Yearly
  • D. Monthly

Correct answer: C


Question # 55
"Do not use vendor-supplied defaults for system passwords and other security parameters" is ___________

  • A. Requirement 4
  • B. Requirement 3
  • C. Requirement 2
  • D. Requirement 1

Correct answer: C


Question # 56
The PCI DSS Requirement most closely associated with "Logging" is ____________

  • A. Requirement 8
  • B. Requirement 10
  • C. Requirement 11
  • D. Requirement 2

Correct answer: B


Question # 57
The use of two-factor authentication is NOT a requirement in PCI DSS v3 for remote network access originating from outside the network by personnel and all third parties.

  • A. False
  • B. True

Correct answer: A


Question # 58
SELECT ALL THAT APPLY
Select all audit trail entries that must be recorded for all system components according to Requirement 10.3

  • A. Type of event
  • B. Success or failure identification
  • C. User identification
  • D. Date and time
  • E. Identity or name of affected data, system component, or resource
  • F. Origination of event

Correct answer: A, B, C, D, E, F


Question # 59
Quarterly internal vulnerability scans should be executed, with rescans as needed, until what point?

  • A. High-risk vulnerabilities (as defined in Requirement 6.1) are resolved
  • B. All identified vulnerabilities are resolved
  • C. High- and medium-risk vulnerabilities are resolved
  • D. Until you get a PCI Scan passing score

Correct answer: A


Question # 60
The Information Supplements: (Select ALL that apply)

  • A. Include recommendations and best practices
  • B. Do not replace or supersede any PCI standard
  • C. May be used as compensating control replacing one of the requirements
  • D. Provide additional guidance on specific technologies

Correct answer: A, B, D


Question # 61
PCI DSS Requirement Appendix A is intended for:

  • A. Any third party that stores, processes, or transmits cardholder data on behalf of another entity
  • B. Issuing banks and acquirers
  • C. Shared hosting providers
  • D. Merchants with data center environments

Correct answer: C


Question # 62
A user should be required to re-authenticate to activate the terminal or session if it has been idle for more than

  • A. 60 minutes
  • B. 15 minutes
  • C. 30 minutes
  • D. 10 minutes

Correct answer: B


Question # 63
The use of Tokenization can eliminate the need for PCI Compliance

  • A. False
  • B. True

Correct answer: A


Question # 64
When evaluating "above and beyond" for compensating controls, existing PCI DSS requirements MAY be considered as compensating controls if they are required for another area but are not required for the item under review

  • A. False
  • B. True

Correct answer: B


Question # 65
Storing track data "long-term" or "persistently" is permitted when

  • A. it's been stored by issuers
  • B. it's encrypted by the merchant storing it
  • C. it's hashed by the merchant storing it
  • D. it's reported to the PCI SSC annually in a RoC

Correct answer: A


Question # 66
To render PAN unreadable anywhere it is stored, one-way hashes based on strong cryptography must be applied to

  • A. the first half of the PAN
  • B. the entire PAN
  • C. half of the PAN
  • D. the last half of the PAN

Correct answer: B


Question # 67
Passwords/passphrases should not be allowed if they are the same as any of the last ____ used passwords/passphrases. (Requirement 8.2.5)

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Correct answer: A


Question # 68
For whom is Self-Assessment Questionnaire (SAQ) A intended?

  • A. Merchants with Payment Application Systems Connected to the Internet - No Electronic Cardholder Data Storage
  • B. Merchants with Only Imprint Machines or Only Standalone, Dial-Out Terminals - No Electronic Cardholder Data Storage
  • C. Merchants with Web-Based Virtual Payment Terminals - No Electronic Cardholder Data Storage
  • D. Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced

Correct answer: D


Question # 69
Methods for stealing payment card data include:

  • A. Malware
  • B. Weak passwords
  • C. Physical skimming
  • D. All of the options are correct

Correct answer: D


Question # 70
Imprint-Only Merchants with no electronic storage of cardholder data may be eligible to use which SAQ?

  • A. SAQ D
  • B. SAQ B
  • C. SAQ C/VT
  • D. SAQ A

Correct answer: B


Question # 71
When masking the PAN, what is the maximum number of digits allowed to be displayed?

  • A. The first six and the last four
  • B. The first four and the last six
  • C. The display of PAN digits is prohibited
  • D. The first four and the last four

Correct answer: A


Question # 72
User passwords/passphrases should be changed at a minimum of what interval to meet Requirement 8.2.4?

  • A. 90 days
  • B. 30 days
  • C. 60 days
  • D. 180 days

Correct answer: A


Question # 73
Internal and external vulnerability scans should run at minimum every __________ to meet Requirement 11.2

  • A. 90 days
  • B. 30 days
  • C. 60 days
  • D. 180 days

Correct answer: A


Question # 74
Requirement 8.2.3 states that passwords/phrases must contain both numeric and alphabetic characters and a minimum length of at least

  • A. 14 characters
  • B. 6 characters
  • C. 7 characters
  • D. 8 characters

Correct answer: C


Question # 75
Compensating controls must: (Select ALL that apply)

  • A. Be commensurate with additional risk imposed by not adhering to original requirement
  • B. Sufficiently offset the risk that the original PCI DSS requirement was designed to defend against
  • C. Be "above and beyond" other PCI DSS requirements (i.e., not simply in compliance with other requirements)
  • D. Meet the intent and rigor of the original PCI requirement

Correct answer: A, B, C, D


Question # 76
PCI DSS Requirement 3.4 states that PAN must be rendered unreadable when stored. Which of the following may be used to meet this requirement?

  • A. Masking the entire PAN using industry standards
  • B. Hashing the entire PAN using strong cryptography
  • C. Hiding the column containing PAN data in the database
  • D. Encryption of the first six and last four numbers of the PAN

Correct answer: B


Question # 77
......

PCIP3.0 exam question set PDF from the exam Q&A braindump collection: https://www.jpntest.com/shiken/PCIP3.0-mondaishu
