
PCIP3.0問題集PDFでPCIP3.0リアル試験問題解答
時間限定!今すぐ試そうPCIP3.0試験 [2022] 問題集でPCIのPDF問題
質問 36
Which of the following lists the correct "order" for the flow of a payment card transaction?
- A. Clearing, Authorization, Settlement
- B. Authorization, Settlement, Clearing
- C. Clearing, Settlement, Authorization
- D. Authorization, Clearing, Settlement
正解: D
質問 37
Protect stored cardholder data is the ____________
- A. Requirement 2
- B. Requirement 4
- C. Requirement 3
- D. Requirement 5
正解: C
質問 38
Merchants with segmented payment application systems connected to the Internet, no electronic cardholder data storage, may be eligible to use what SAQ?
- A. SAQ B
- B. SAQ D
- C. SAQ C-VT
- D. SAQ C
- E. SAQ A
正解: D
質問 39
If an e-commerce service provider was deemed eligible to complete an SAQ, which SAQ would they use?
- A. SAQ C
- B. SAQ B
- C. SAQ A
- D. SAQ D
正解: D
質問 40
Risk assessments must be implemented in order to meet requirement 12.2. Please select all risk assessments methodologies that can be used in order to meet this requirement.
- A. NIST SP 800-53
- B. NIST SP 800-30
- C. OCTAVE
- D. ISO 27005
正解: B,C,D
質問 41
Merchants using P2PE solutions are still required to validate to PCI DSS
- A. True
- B. False
正解: A
質問 42
Existing PCI DSS requirements may be combined with new controls to become a compensating control.
- A. True
- B. False
正解: A
質問 43
A digital certificate is a valid for "something you have" as long as it is unique for a particular user.
- A. True
- B. False
正解: A
質問 44
What is the Appendix A on PCI DSS 3.0?
- A. Cloud Computing Guidelines
- B. Additional PCI DSS Requirements for Shared Hosting Providers
- C. Compensating Controls
- D. Segmentation and Sampling of Business Facilities/System Components
正解: B
質問 45
Encrypt transmission of cardholder data across open, public networks is the ______
- A. Requirement 2
- B. Requirement 1
- C. Requirement 4
- D. Requirement 5
正解: C
質問 46
Who can perform quarterly external vulnerability scans meeting requirement 11.2.2?
- A. IT Security personnel
- B. Any employee
- C. Approved Scanning Vendor (ASV) approved by PCI SSC
- D. Qualified personnel
正解: C
質問 47
Which of the below functions is associated with Acquirers?
- A. Provide clearing services to a merchant
- B. All of the options
- C. Provide authorization services to a merchant
- D. Provide settlement services to a merchant
正解: B
質問 48
Track and monitor all access to network resources and cardholder data is the ___________
- A. Requirement 10
- B. Requirement 8
- C. Requirement 9
- D. Requirement 11
正解: A
質問 49
In the event of a violation of the PCIP Qualification Requirements, disciplinary actions for PCIPs could include:
- A. Written warning, suspension, revocation
- B. Verbal warning, suspension, monthly fines
- C. Written warning, remediation, monthly fines
- D. Verbal warning, one-off fine, revocation
正解: A
質問 50
Develop and maintain secure systems and applications is the _________
- A. Requirement 8
- B. Requirement 6
- C. Requirement 7
- D. Requirement 5
正解: B
質問 51
PCIPs are required to adhere to the Code of Professional Responsibility, which includes:
- A. Comply with industry laws and standards
- B. Perform PCI DSS compliance assessments
- C. Performing subjective evaluation of ethical violations
- D. Sharing confidential information with other PCIPs
正解: A
質問 52
All users and administrators access to, queries and actions on databases must be through programmatic methods only. Never direct access or queries to database
- A. False
- B. True
正解: A
質問 53
What are best practices for implementing PCI DSS into Business-as-Usual (BAU) Processes? (Select
ALL that apply)
- A. Don't forget about people
- B. Building security into business-as-usual helps organizations to maintain their PCI DSS compliant environment in between PCI DSS assessments
- C. Focus on security, not on compliance
- D. PCI DSS is not a once-a-year activity
正解: A,B,C,D
質問 54
Regularly test security systems and processes is the ___________
- A. Requirement 9
- B. Requirement 12
- C. Requirement 11
- D. Requirement 10
正解: C
質問 55
As defined by PCI DSS Requirement 7, access to cardholder data should be restricted based on which principle?
- A. No access to cardholder data should be permitted
- B. Number of personnel in the organization
- C. Maximum priviledge
- D. Business need to know
正解: D
質問 56
For initial PCI DSS compliance, it's not required that four quarters of passing scans must be completed if the assessor verifies that 1) the most recent scan result was a passing scan, 2) the entity has documented policies and procedures requiring quarterly scanning, and 3) vulnerabilities noted in the scan results have been corrected as shown in a re-scan(s).
- A. True
- B. False
正解: A
質問 57
PCI DSS Requirement 5 states that anti-virus software must be:
- A. Configured to allow users to disable it as desired
- B. Updated at least annually
- C. Installed on all systems commonly affected by malware
- D. Installed on all systems, even those not commonly affected by malware
正解: C
質問 58
......
PCIP3.0プレミアム試験エンジンとPDFダウンロード:https://jp.fast2test.com/PCIP3.0-premium-file.html