
最近更新の2023年05月テストエンジンとPDF PCI PCIP3.0テストあなたの最速PCI合格準備を保証させる!
完全版PCIP3.0練習テスト90別格な問題と解釈が待ってます。今すぐゲット!
質問 # 43
Identify and authenticate access to system components is the __________
- A. Requirement 9
- B. Requirement 10
- C. Requirement 11
- D. Requirement 8
正解:D
質問 # 44
All users and administrators access to, queries and actions on databases must be through programmatic methods only. Never direct access or queries to database
- A. False
- B. True
正解:A
質問 # 45
What are best practices for implementing PCI DSS into Business-as-Usual (BAU) Processes? (Select
ALL that apply)
- A. Building security into business-as-usual helps organizations to maintain their PCI DSS compliant environment in between PCI DSS assessments
- B. Don't forget about people
- C. Focus on security, not on compliance
- D. PCI DSS is not a once-a-year activity
正解:A、B、C、D
質問 # 46
Protect stored cardholder data is the ____________
- A. Requirement 5
- B. Requirement 4
- C. Requirement 3
- D. Requirement 2
正解:C
質問 # 47
When masking the PAN what is the maximum number of digits allowed to be displayed
- A. The first four and the last six
- B. The first four and the last four
- C. The display of PAN digits are prohibited
- D. The first six and the last four
正解:D
質問 # 48
Please select all possible disciplinary actions that may be applicable in case of violation of PCI Code of
Professional Responsibility
- A. Suspension
- B. Fee
- C. Warning
- D. Revocation
正解:A、C、D
質問 # 49
PCI compliance do not apply on Virtualized environments
- A. False
- B. True
正解:A
質問 # 50
For initial PCI DSS compliance, it's not required that four quarters of passing scans must be completed if the assessor verifies that 1) the most recent scan result was a passing scan, 2) the entity has documented policies and procedures requiring quarterly scanning, and 3) vulnerabilities noted in the scan results have been corrected as shown in a re-scan(s).
- A. True
- B. False
正解:A
質問 # 51
Risk assessments must be implemented in order to meet requirement 12.2. Please select all risk assessments methodologies that can be used in order to meet this requirement.
- A. NIST SP 800-30
- B. OCTAVE
- C. ISO 27005
- D. NIST SP 800-53
正解:A、B、C
質問 # 52
Users passwords/passphrases should be changed on a minimal of what interval to meet Requirement
8 .2.4?
- A. 60 days
- B. 30 days
- C. 180 days
- D. 90 days
正解:D
質問 # 53
Restrict physical access to cardholder data is the _________
- A. Requirement 7
- B. Requirement 10
- C. Requirement 8
- D. Requirement 9
正解:D
質問 # 54
Existing PCI DSS requirements may be combined with new controls to become a compensating control.
- A. True
- B. False
正解:A
質問 # 55
The presumption of P2PE is that:
- A. The data can be decrypted between the source and the destination points
- B. The data can never be decrypted
- C. The data cannot be decrypted between the source and the destination points
- D. Any entity in possession of the ciphertext can easily reverse the encryption process
正解:C
質問 # 56
What is the Appendix B on PCI DSS 3.0?
- A. Compensating Controls
- B. Segmentation and Sampling of Business Facilities/System Components
- C. Additional PCI DSS Requirements for Shared Hosting Providers
- D. Compensating Controls Worksheet
正解:A
質問 # 57
What is the Appendix A on PCI DSS 3.0?
- A. Cloud Computing Guidelines
- B. Additional PCI DSS Requirements for Shared Hosting Providers
- C. Compensating Controls
- D. Segmentation and Sampling of Business Facilities/System Components
正解:B
質問 # 58
Requirement 2.2.2 and 2.2.3 cover the use of secure services, protocols, and daemons as required for the function of a system. Which of the following is considered secure?
- A. Telnet
- B. RLogon
- C. FTP
- D. SSH
正解:D
質問 # 59
Restrict access to cardholder data by business need-to-know
- A. Requirement 7
- B. Requirement 9
- C. Requirement 10
- D. Requirement 8
正解:A
質問 # 60
The Information Supplements: (Select ALL that apply)
- A. May be used as compensating control replacing one of the requirements
- B. Do not replace or supersede any PCI standard
- C. Include recommendations and best practices
- D. Provide additional guidance on specific technologies
正解:B、C、D
質問 # 61
A company that ________ is considered to be a service provider.
- A. is not also a merchant
- B. is a payment card brand
- C. controls or could impact the security of another entity's
- D. is a founding member of PCI SSC
正解:C
質問 # 62
SELECT ALL THAT APPLY
To be compliant with requirement 9.9 an updated list of all card-reading devices used in card-present transactions at the point of sale must be kept by June 30 2015 including the following:
- A. Device serial number or other unique identification
- B. Location of device
- C. Proof of purchase
- D. Make, model of device
正解:A、B、D
質問 # 63
......
完全版PCIP3.0練習テスト90別格な問題と解釈が待ってます。:https://jp.fast2test.com/PCIP3.0-premium-file.html