Assessor_New_V4 無料問題集「PCI SSC Assessor_New_V4」

（A）There are different AOC templates for service providers and merchants

（B）The AOC must be signed by both the merchant/service provider and by PCI SSC

（C）The same AOC template is used for ROCs and SAQs

（D）The AOC must be signed by either the merchant service provider or the QSA'ISA

（A）The hashed and truncated versions must be correlated so the source PAN can be identified

（B）Hashed and truncated versions of a PAN must not exist in same environment

（C）The hashed version of the PAN must also be truncated per PCI OSS requirements for strong cryptography.

（D）Controls are needed to prevent the original PAN being exposed by the hashed and truncated versions

（A）The entity must monitor the TPSP's PCI DSS compliance status at least annually

（B）The entity must test the TPSP's incident response plan at least quarterly

（C）The entity must conduct ASV scans on the TPSP's systems at least annually

（D）The entity must perform a risk assessment of the TPSP's environment at least quarterly.

（A）Any software developed by a third party that can be customized by an entity.

（B）Virtual payment terminals

（C）Any software developed by a third party

（D）Software developed by an entity for the entity's own use

（A）Only software which runs on PCI PTS devices

（B）Validated Payment Applications that are listed by PCI SSC and have undergone a PA-DSS assessment

（C）Software developed by the entity in accordance with the Secure SLC Standard

（D）Any payment software in the CDE

（A）Verify that approved devices and applications are used for the segmentation controls

（B）Verify the controls used for segmentation are configured properly and functioning as intended

（C）Verify the segmentation controls allow only necessary traffic into the cardholder data environment.

（D）Verify the payment card brands have approved the segmentation