最新(2023)PCI PCIP3.0試験問題集 [Q24-Q45]

Share

最新(2023)PCI PCIP3.0試験問題集

最適な練習法にはPCI PCIP3.0試験の素晴らしいPCIP3.0試験問題PDF


PCI PCIP3.0認定試験は、PCIデータセキュリティスタンダード(PCI DSS)、POSデバイスのセキュリティ、および安全な支払いカード処理に関連するトピックをカバーしています。この試験は60問の多肢選択問題から構成され、支払いカードデータを保護するための業界標準と最良のプラクティスに関する候補者の知識をテストするために設計されています。試験に合格すると、候補者は支払いカード業界における卓越性の証として認められるPCIP3.0認定資格を取得します。認定は3年間有効であり、その後、関連する試験に合格するか、継続教育クレジットを修了することで再認定が必要です。


Payment Card Industry Professional(PCIP)認定は、ペイメントカード業界で働く専門家のためのグローバルに認知された資格です。この認定は、ペイメントカード情報の処理に関するPayment Card Industry Data Security Standard(PCI DSS)およびその他のセキュリティ要件の包括的な理解を示すために設計されています。最新バージョンの認定であるPCIP 3.0は、業界の最新のベストプラクティスや標準をカバーしています。

 

質問 # 24
The use of Tokenization can eliminate the need for PCI Compliance

  • A. False
  • B. True

正解:A


質問 # 25
Merchants using P2PE solutions are still required to validate to PCI DSS

  • A. True
  • B. False

正解:A


質問 # 26
According to requirement 8.1.6 an user ID should be locked out after a maximum how many repeated access attempts?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

正解:A


質問 # 27
Requirement 3.5 requires document and implement procedures to protect keys used to secure stored cardholder data against disclose and misuse. This requirement applies to keys used to encrypt stored cardholder data, and also applies to key-encrypting keys used to protect data-encrypting keys. Such key-encrypting keys must be

  • A. stronger than the data-encrypting keys
  • B. at least as strong as the data-encrypting keys
  • C. less stronger as the data-encrypting keys
  • D. stored at the same location of the data-encrypting key

正解:B


質問 # 28
In order to be considered a compensating control, which of the following must exist:

  • A. A legitimate technical constraint and a documented business constraint
  • B. A legitimate technical constraint or a documented business constraint
  • C. A documented business constraint
  • D. A legitimate technical constraint

正解:B


質問 # 29
Information Security Policies must be reviewed/updated _____________ to meet requirement 12.1.1

  • A. Monthly
  • B. Quarterly
  • C. Every 6 months
  • D. Yearly

正解:D


質問 # 30
The implementation of a Security Awareness Program (Requirement 12.6) requires that personnel must be educated upon hire and at least

  • A. Monthly
  • B. Quarterly
  • C. Every 6 months
  • D. Yearly

正解:D


質問 # 31
For initial PCI DSS compliance, it's not required that four quarters of passing scans must be completed if the assessor verifies that 1) the most recent scan result was a passing scan, 2) the entity has documented policies and procedures requiring quarterly scanning, and 3) vulnerabilities noted in the scan results have been corrected as shown in a re-scan(s).

  • A. True
  • B. False

正解:A


質問 # 32
Encrypt transmission of cardholder data across open, public networks is the ______

  • A. Requirement 1
  • B. Requirement 2
  • C. Requirement 5
  • D. Requirement 4

正解:D


質問 # 33
Which statement is true regarding sensitive authentication data?

  • A. Encrypt sensitive authentication data removes it from PC DSS scope
  • B. Sensitive data is required for recurring transactions
  • C. Sensitive authentication exists in the magnetic strip or chip, and is also printed on the payment card
  • D. Sensitive authentication data includes PAN and service code

正解:C


質問 # 34
Quarterly internal vulnerability scans should be executed and rescans as needed until what point?

  • A. High-risk vulnerabilities (as defined in Requirement 6.1) are resolved
  • B. All identified vulnerabilities are resolved
  • C. High and medium risks vulnerabilities are resolved
  • D. Until you get a PCI Scan passing score

正解:A


質問 # 35
Methods for stealing payment card data include:

  • A. All of the options are correct
  • B. Malware
  • C. Weak passwords
  • D. Physical skimming

正解:A


質問 # 36
Payment cards has typically 2 tracks, track 1 and track 2 that has respectively how many characters in length?

  • A. 79 and 40
  • B. 40 and 16
  • C. 40 and 79
  • D. 16 and 40

正解:A


質問 # 37
Storing track data "long-term" or "persistently" is permitted when

  • A. it's reported to the PCI SSC annually in a RoC
  • B. it's been stored by issuers
  • C. it's hashed by the merchant storing it
  • D. it's encrypted by the merchant storing it

正解:B


質問 # 38
Protect stored cardholder data is the ____________

  • A. Requirement 4
  • B. Requirement 2
  • C. Requirement 5
  • D. Requirement 3

正解:D


質問 # 39
Users passwords/passphrases should be changed on a minimal of what interval to meet Requirement
8 .2.4?

  • A. 90 days
  • B. 60 days
  • C. 180 days
  • D. 30 days

正解:A


質問 # 40
Please select all possible disciplinary actions that may be applicable in case of violation of PCI Code of
Professional Responsibility

  • A. Revocation
  • B. Warning
  • C. Suspension
  • D. Fee

正解:A、B、C


質問 # 41
In the event of a violation of the PCIP Qualification Requirements, disciplinary actions for PCIPs could include:

  • A. Verbal warning, suspension, monthly fines
  • B. Verbal warning, one-off fine, revocation
  • C. Written warning, suspension, revocation
  • D. Written warning, remediation, monthly fines

正解:C


質問 # 42
It's NOT required that all four quarters of passing scan in order to meet requirement 11.2

  • A. False
  • B. True

正解:A


質問 # 43
As defined by PCI DSS Requirement 7, access to cardholder data should be restricted based on which principle?

  • A. Maximum priviledge
  • B. No access to cardholder data should be permitted
  • C. Number of personnel in the organization
  • D. Business need to know

正解:D


質問 # 44
PCI DSS Requirement Appendix A is intended for:

  • A. Issuing banks and acquirers
  • B. Merchants with data center environments
  • C. Shared hosting providers
  • D. Any third party that stores, processes, or transmits cardholder data on behalf of another entity

正解:C


質問 # 45
......


PCI PCIP3.0(Payment Card Industry Professional)試験は、個人がPayment Card Industry Data Security Standards(PCI DSS)に関連する知識とスキルをテストするためのプロフェッショナル認定試験です。PCI DSSは、主要なクレジットカード会社によって作成されたセキュリティ基準であり、機密情報を安全に取り扱うことを保証します。PCIP認定は、ITプロフェッショナル、セキュリティコンサルタント、監査人など、PCI DSSと共に働くプロフェッショナルを対象としています。

 

更新された検証済みの合格させるPCIP3.0リアル試験問題と解答:https://jp.fast2test.com/PCIP3.0-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어