PCIは2023年最新のPCIP3.0テスト解説(更新されたのは90問があります) [Q46-Q69]

Share

PCIは2023年最新のPCIP3.0テスト解説(更新されたのは90問があります)

PCIP3.0試験問題集を提供していますPCI問題


支払いカード業界の専門家(PCIP)認定試験は、支払いカード業界の分野で高く評価されている認定です。これは、商人、プロセッサ、金融機関など、支払いカードデータを使用する専門家向けに設計されています。 PCIP認定試験は、業界の個人の専門知識を検証し、支払いカード業界のセキュリティ基準評議会(PCI SSC)によって設定された基準を強く理解することを目的としています。


PCI PCIP3.0(ペイメントカード業界プロフェッショナル)認定試験は、ペイメントカード業界コンプライアンスの分野における個人の知識と専門知識を検証する業界で認められた資格です。認定試験は、PCIデータセキュリティスタンダード(PCI DSS)の理解と安全なペイメントカード環境を実装および維持する能力をテストするよう設計されています。

 

質問 # 46
What is the Appendix B on PCI DSS 3.0?

  • A. Compensating Controls
  • B. Compensating Controls Worksheet
  • C. Segmentation and Sampling of Business Facilities/System Components
  • D. Additional PCI DSS Requirements for Shared Hosting Providers

正解:A


質問 # 47
PCI DSS Requirement Appendix A is intended for:

  • A. Any third party that stores, processes, or transmits cardholder data on behalf of another entity
  • B. Merchants with data center environments
  • C. Issuing banks and acquirers
  • D. Shared hosting providers

正解:D


質問 # 48
Regularly test security systems and processes is the ___________

  • A. Requirement 11
  • B. Requirement 9
  • C. Requirement 12
  • D. Requirement 10

正解:A


質問 # 49
Merchants involved with only card-not-present transactions that are completely outsourced to a PCI DSS complaint service provider may be eligible to use?

  • A. SAQ D
  • B. SAQ C/VT
  • C. SAQ A
  • D. SAQ B

正解:C


質問 # 50
Identify and authenticate access to system components is the __________

  • A. Requirement 11
  • B. Requirement 9
  • C. Requirement 8
  • D. Requirement 10

正解:C


質問 # 51
SELECT ALL THAT MATCHES
Examples of two-factor technologies include:

  • A. TACACS with tokens
  • B. Single Sign On SAML 2.0
  • C. Digital Certificates (if unique per ID)
  • D. RADIUS with tokens

正解:A、C、D


質問 # 52
When masking the PAN what is the maximum number of digits allowed to be displayed

  • A. The first four and the last four
  • B. The first four and the last six
  • C. The first six and the last four
  • D. The display of PAN digits are prohibited

正解:C


質問 # 53
If virtualization technologies are used in a cardholder data environment:

  • A. Entities using virtualization technologies should complete SAQ C
  • B. Virtualization technologies should not be used in the cardholder data environment
  • C. The virtualization technologies are not in scope for PCI DSS
  • D. The virtualization technologies are included in scope for PCI DSS

正解:D


質問 # 54
Existing PCI DSS requirements may be combined with new controls to become a compensating control.

  • A. True
  • B. False

正解:A


質問 # 55
What is the Appendix A on PCI DSS 3.0?

  • A. Cloud Computing Guidelines
  • B. Additional PCI DSS Requirements for Shared Hosting Providers
  • C. Compensating Controls
  • D. Segmentation and Sampling of Business Facilities/System Components

正解:B


質問 # 56
If an e-commerce service provider was deemed eligible to complete an SAQ, which SAQ would they use?

  • A. SAQ D
  • B. SAQ B
  • C. SAQ A
  • D. SAQ C

正解:A


質問 # 57
Maintain a policy that addresses information security for all personnel is the ________

  • A. Requirement 11
  • B. Requirement 9
  • C. Requirement 12
  • D. Requirement 10

正解:C


質問 # 58
The PCI DSS Requirement most closely associated with "Logging" is ____________

  • A. Requirement 11
  • B. Requirement 2
  • C. Requirement 10
  • D. Requirement 8

正解:C


質問 # 59
An user should be required to re-authenticate to activate the terminal or session if it's been idle for more than

  • A. 60 minutes
  • B. 30 minutes
  • C. 10 minutes
  • D. 15 minutes

正解:D


質問 # 60
PCI Requirement 12.6 requires personnel to acknowledge at least _______ that they have read and understood the security policy and procedures.

  • A. Every six months
  • B. Once during their employment
  • C. Annually
  • D. Quarterly

正解:C


質問 # 61
To whom is Self-Assessment Question naire (SAQ) A intended for?

  • A. Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced
  • B. Merchants with Payment Application Systems Connected to the Internet-No Electronic Cardholder
    Data Storage Merchants with Payment Application Systems Connected to the Internet- No Electronic
    Cardholder Data Storage Merchants with Payment Application Systems Connected to the Internet-No
    Electronic Cardholder Data Storage Merchants with Payment Application Systems Connected to the
    Internet-No Electronic Cardholder Data Storage Merchants with Payment Application Systems
    Connected to the Internet - No Electronic Cardholder Data Storage
  • C. Merchants with Web-Based Virtual Payment Terminals-No Electronic Cardholder Data Storage
  • D. Merchants with Only Imprint Machines or Only Standalone, Dial-out Terminals- No Electronic
    Cardholder Data Storage Merchants with Only Imprint Machines or Only Standalone, Dial-out Terminals
    No Electronic Cardholder Data Storage Merchants with Only Imprint Machines or Only Standalone,
    Dial-out Terminals- No Electronic Cardholder Data Storage Merchants with Only Imprint Machines or
    Only Standalone, Dial-out Terminals- No Electronic Cardholder Data Storage Merchants with Only
    Imprint Machines or Only Standalone, Dial-Out Terminals - No Electronic Cardholder Data Storage

正解:A


質問 # 62
Merchants using only web-based virtual payment terminals, no electronic cardholder data storage, may be eligible to use what SAQ?

  • A. SAQ C-VT
  • B. SAQ D
  • C. SAQ B
  • D. SAQ A
  • E. SAQ C

正解:A


質問 # 63
As defined by PCI DSS Requirement 7, access to cardholder data should be restricted based on which principle?

  • A. Business need to know
  • B. No access to cardholder data should be permitted
  • C. Number of personnel in the organization
  • D. Maximum priviledge

正解:A


質問 # 64
The presumption of P2PE is that:

  • A. The data can never be decrypted
  • B. The data cannot be decrypted between the source and the destination points
  • C. The data can be decrypted between the source and the destination points
  • D. Any entity in possession of the ciphertext can easily reverse the encryption process

正解:B


質問 # 65
Storing track data "long-term" or "persistently" is permitted when

  • A. it's encrypted by the merchant storing it
  • B. it's been stored by issuers
  • C. it's reported to the PCI SSC annually in a RoC
  • D. it's hashed by the merchant storing it

正解:B


質問 # 66
PCI compliance do not apply on Virtualized environments

  • A. True
  • B. False

正解:B


質問 # 67
All users and administrators access to, queries and actions on databases must be through programmatic methods only. Never direct access or queries to database

  • A. True
  • B. False

正解:B


質問 # 68
According to Requirement 10.4 the use of Time synchronization like NTP should be implemented on all critical systems for acquiring, distributing, and storing time.

  • A. True
  • B. False

正解:A


質問 # 69
......

PCIP3.0認定ガイドPDFは100%カバー率でリアル試験問題:https://jp.fast2test.com/PCIP3.0-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어