PCIP3.0問題集PDFでPCIP3.0リアル試験問題解答 [Q36-Q58]

Share

PCIP3.0問題集PDFでPCIP3.0リアル試験問題解答

時間限定!今すぐ試そうPCIP3.0試験 [2022] 問題集でPCIのPDF問題

質問 36
Which of the following lists the correct "order" for the flow of a payment card transaction?

  • A. Clearing, Authorization, Settlement
  • B. Authorization, Settlement, Clearing
  • C. Clearing, Settlement, Authorization
  • D. Authorization, Clearing, Settlement

正解: D

 

質問 37
Protect stored cardholder data is the ____________

  • A. Requirement 2
  • B. Requirement 4
  • C. Requirement 3
  • D. Requirement 5

正解: C

 

質問 38
Merchants with segmented payment application systems connected to the Internet, no electronic cardholder data storage, may be eligible to use what SAQ?

  • A. SAQ B
  • B. SAQ D
  • C. SAQ C-VT
  • D. SAQ C
  • E. SAQ A

正解: D

 

質問 39
If an e-commerce service provider was deemed eligible to complete an SAQ, which SAQ would they use?

  • A. SAQ C
  • B. SAQ B
  • C. SAQ A
  • D. SAQ D

正解: D

 

質問 40
Risk assessments must be implemented in order to meet requirement 12.2. Please select all risk assessments methodologies that can be used in order to meet this requirement.

  • A. NIST SP 800-53
  • B. NIST SP 800-30
  • C. OCTAVE
  • D. ISO 27005

正解: B,C,D

 

質問 41
Merchants using P2PE solutions are still required to validate to PCI DSS

  • A. True
  • B. False

正解: A

 

質問 42
Existing PCI DSS requirements may be combined with new controls to become a compensating control.

  • A. True
  • B. False

正解: A

 

質問 43
A digital certificate is a valid for "something you have" as long as it is unique for a particular user.

  • A. True
  • B. False

正解: A

 

質問 44
What is the Appendix A on PCI DSS 3.0?

  • A. Cloud Computing Guidelines
  • B. Additional PCI DSS Requirements for Shared Hosting Providers
  • C. Compensating Controls
  • D. Segmentation and Sampling of Business Facilities/System Components

正解: B

 

質問 45
Encrypt transmission of cardholder data across open, public networks is the ______

  • A. Requirement 2
  • B. Requirement 1
  • C. Requirement 4
  • D. Requirement 5

正解: C

 

質問 46
Who can perform quarterly external vulnerability scans meeting requirement 11.2.2?

  • A. IT Security personnel
  • B. Any employee
  • C. Approved Scanning Vendor (ASV) approved by PCI SSC
  • D. Qualified personnel

正解: C

 

質問 47
Which of the below functions is associated with Acquirers?

  • A. Provide clearing services to a merchant
  • B. All of the options
  • C. Provide authorization services to a merchant
  • D. Provide settlement services to a merchant

正解: B

 

質問 48
Track and monitor all access to network resources and cardholder data is the ___________

  • A. Requirement 10
  • B. Requirement 8
  • C. Requirement 9
  • D. Requirement 11

正解: A

 

質問 49
In the event of a violation of the PCIP Qualification Requirements, disciplinary actions for PCIPs could include:

  • A. Written warning, suspension, revocation
  • B. Verbal warning, suspension, monthly fines
  • C. Written warning, remediation, monthly fines
  • D. Verbal warning, one-off fine, revocation

正解: A

 

質問 50
Develop and maintain secure systems and applications is the _________

  • A. Requirement 8
  • B. Requirement 6
  • C. Requirement 7
  • D. Requirement 5

正解: B

 

質問 51
PCIPs are required to adhere to the Code of Professional Responsibility, which includes:

  • A. Comply with industry laws and standards
  • B. Perform PCI DSS compliance assessments
  • C. Performing subjective evaluation of ethical violations
  • D. Sharing confidential information with other PCIPs

正解: A

 

質問 52
All users and administrators access to, queries and actions on databases must be through programmatic methods only. Never direct access or queries to database

  • A. False
  • B. True

正解: A

 

質問 53
What are best practices for implementing PCI DSS into Business-as-Usual (BAU) Processes? (Select
ALL that apply)

  • A. Don't forget about people
  • B. Building security into business-as-usual helps organizations to maintain their PCI DSS compliant environment in between PCI DSS assessments
  • C. Focus on security, not on compliance
  • D. PCI DSS is not a once-a-year activity

正解: A,B,C,D

 

質問 54
Regularly test security systems and processes is the ___________

  • A. Requirement 9
  • B. Requirement 12
  • C. Requirement 11
  • D. Requirement 10

正解: C

 

質問 55
As defined by PCI DSS Requirement 7, access to cardholder data should be restricted based on which principle?

  • A. No access to cardholder data should be permitted
  • B. Number of personnel in the organization
  • C. Maximum priviledge
  • D. Business need to know

正解: D

 

質問 56
For initial PCI DSS compliance, it's not required that four quarters of passing scans must be completed if the assessor verifies that 1) the most recent scan result was a passing scan, 2) the entity has documented policies and procedures requiring quarterly scanning, and 3) vulnerabilities noted in the scan results have been corrected as shown in a re-scan(s).

  • A. True
  • B. False

正解: A

 

質問 57
PCI DSS Requirement 5 states that anti-virus software must be:

  • A. Configured to allow users to disable it as desired
  • B. Updated at least annually
  • C. Installed on all systems commonly affected by malware
  • D. Installed on all systems, even those not commonly affected by malware

正解: C

 

質問 58
......

PCIP3.0プレミアム試験エンジンとPDFダウンロード:https://jp.fast2test.com/PCIP3.0-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어