最近更新の2023年05月テストエンジンとPDF PCI PCIP3.0テストあなたの最速PCI合格準備を保証させる! [Q43-Q63]

Share

最近更新の2023年05月テストエンジンとPDF PCI PCIP3.0テストあなたの最速PCI合格準備を保証させる!

完全版PCIP3.0練習テスト90別格な問題と解釈が待ってます。今すぐゲット!

質問 # 43
Identify and authenticate access to system components is the __________

  • A. Requirement 9
  • B. Requirement 10
  • C. Requirement 11
  • D. Requirement 8

正解:D


質問 # 44
All users and administrators access to, queries and actions on databases must be through programmatic methods only. Never direct access or queries to database

  • A. False
  • B. True

正解:A


質問 # 45
What are best practices for implementing PCI DSS into Business-as-Usual (BAU) Processes? (Select
ALL that apply)

  • A. Building security into business-as-usual helps organizations to maintain their PCI DSS compliant environment in between PCI DSS assessments
  • B. Don't forget about people
  • C. Focus on security, not on compliance
  • D. PCI DSS is not a once-a-year activity

正解:A、B、C、D


質問 # 46
Protect stored cardholder data is the ____________

  • A. Requirement 5
  • B. Requirement 4
  • C. Requirement 3
  • D. Requirement 2

正解:C


質問 # 47
When masking the PAN what is the maximum number of digits allowed to be displayed

  • A. The first four and the last six
  • B. The first four and the last four
  • C. The display of PAN digits are prohibited
  • D. The first six and the last four

正解:D


質問 # 48
Please select all possible disciplinary actions that may be applicable in case of violation of PCI Code of
Professional Responsibility

  • A. Suspension
  • B. Fee
  • C. Warning
  • D. Revocation

正解:A、C、D


質問 # 49
PCI compliance do not apply on Virtualized environments

  • A. False
  • B. True

正解:A


質問 # 50
For initial PCI DSS compliance, it's not required that four quarters of passing scans must be completed if the assessor verifies that 1) the most recent scan result was a passing scan, 2) the entity has documented policies and procedures requiring quarterly scanning, and 3) vulnerabilities noted in the scan results have been corrected as shown in a re-scan(s).

  • A. True
  • B. False

正解:A


質問 # 51
Risk assessments must be implemented in order to meet requirement 12.2. Please select all risk assessments methodologies that can be used in order to meet this requirement.

  • A. NIST SP 800-30
  • B. OCTAVE
  • C. ISO 27005
  • D. NIST SP 800-53

正解:A、B、C


質問 # 52
Users passwords/passphrases should be changed on a minimal of what interval to meet Requirement
8 .2.4?

  • A. 60 days
  • B. 30 days
  • C. 180 days
  • D. 90 days

正解:D


質問 # 53
Restrict physical access to cardholder data is the _________

  • A. Requirement 7
  • B. Requirement 10
  • C. Requirement 8
  • D. Requirement 9

正解:D


質問 # 54
Existing PCI DSS requirements may be combined with new controls to become a compensating control.

  • A. True
  • B. False

正解:A


質問 # 55
The presumption of P2PE is that:

  • A. The data can be decrypted between the source and the destination points
  • B. The data can never be decrypted
  • C. The data cannot be decrypted between the source and the destination points
  • D. Any entity in possession of the ciphertext can easily reverse the encryption process

正解:C


質問 # 56
What is the Appendix B on PCI DSS 3.0?

  • A. Compensating Controls
  • B. Segmentation and Sampling of Business Facilities/System Components
  • C. Additional PCI DSS Requirements for Shared Hosting Providers
  • D. Compensating Controls Worksheet

正解:A


質問 # 57
What is the Appendix A on PCI DSS 3.0?

  • A. Cloud Computing Guidelines
  • B. Additional PCI DSS Requirements for Shared Hosting Providers
  • C. Compensating Controls
  • D. Segmentation and Sampling of Business Facilities/System Components

正解:B


質問 # 58
Requirement 2.2.2 and 2.2.3 cover the use of secure services, protocols, and daemons as required for the function of a system. Which of the following is considered secure?

  • A. Telnet
  • B. RLogon
  • C. FTP
  • D. SSH

正解:D


質問 # 59
Restrict access to cardholder data by business need-to-know

  • A. Requirement 7
  • B. Requirement 9
  • C. Requirement 10
  • D. Requirement 8

正解:A


質問 # 60
The Information Supplements: (Select ALL that apply)

  • A. May be used as compensating control replacing one of the requirements
  • B. Do not replace or supersede any PCI standard
  • C. Include recommendations and best practices
  • D. Provide additional guidance on specific technologies

正解:B、C、D


質問 # 61
A company that ________ is considered to be a service provider.

  • A. is not also a merchant
  • B. is a payment card brand
  • C. controls or could impact the security of another entity's
  • D. is a founding member of PCI SSC

正解:C


質問 # 62
SELECT ALL THAT APPLY
To be compliant with requirement 9.9 an updated list of all card-reading devices used in card-present transactions at the point of sale must be kept by June 30 2015 including the following:

  • A. Device serial number or other unique identification
  • B. Location of device
  • C. Proof of purchase
  • D. Make, model of device

正解:A、B、D


質問 # 63
......

完全版PCIP3.0練習テスト90別格な問題と解釈が待ってます。:https://jp.fast2test.com/PCIP3.0-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어