
最新PCI PCIP3.0一発合格!試験リアル問題集最新の[2022年01月]
良質なPCIP3.0問題集はここFast2test問題はあなたの合格させて見せます。明るい未来はクリックから始まる!
質問 35
According to Requirement 10.4 the use of Time synchronization like NTP should be implemented on all critical systems for acquiring, distributing, and storing time.
- A. True
- B. False
正解: A
質問 36
Which of the below functions is associated with Acquirers?
- A. Provide authorization services to a merchant
- B. Provide clearing services to a merchant
- C. All of the options
- D. Provide settlement services to a merchant
正解: C
質問 37
SELECT ALL THAT MATCHES
Examples of two-factor technologies include:
- A. TACACS with tokens
- B. RADIUS with tokens
- C. Single Sign On SAML 2.0
- D. Digital Certificates (if unique per ID)
正解: A,B,D
質問 38
Merchants using P2PE solutions are still required to validate to PCI DSS
- A. True
- B. False
正解: A
質問 39
The presumption of P2PE is that:
- A. The data cannot be decrypted between the source and the destination points
- B. Any entity in possession of the ciphertext can easily reverse the encryption process
- C. The data can be decrypted between the source and the destination points
- D. The data can never be decrypted
正解: A
質問 40
Encrypt transmission of cardholder data across open, public networks is the ______
- A. Requirement 5
- B. Requirement 1
- C. Requirement 2
- D. Requirement 4
正解: D
質問 41
Internal and external penetration tests should be performed_______________ to meet requirement
1 1.3.1 and 11.3.2
- A. Yearly
- B. Quarterly
- C. Monthly
- D. Every 60 days
正解: A
質問 42
When evaluating "above and beyond" for compensating controls, an existing PCI DSS requirement MAY be considered as compensating controls if they are required for another area, but are not required for the item under review
- A. True
- B. False
正解: A
質問 43
The PCI DSS Requirement most closely associated with "Logging" is ____________
- A. Requirement 10
- B. Requirement 2
- C. Requirement 11
- D. Requirement 8
正解: A
質問 44
Information Supplements provided by the PCI SSC "supersede" or replace PCI DSS requirements
- A. True
- B. False
正解: B
質問 45
The use of Tokenization can eliminate the need for PCI Compliance
- A. True
- B. False
正解: B
質問 46
The use of two-factor authentication is NOT a requirement on PCI DSS v3 for remote network access originating from outside the network by personnel and all third parties.
- A. True
- B. False
正解: B
質問 47
Payment cards has typically 2 tracks, track 1 and track 2 that has respectively how many characters in length?
- A. 79 and 40
- B. 40 and 16
- C. 16 and 40
- D. 40 and 79
正解: A
質問 48
SELECT ALL THAT APPLY
To be compliant with requirement 9.9 an updated list of all card-reading devices used in card-present transactions at the point of sale must be kept by June 30 2015 including the following:
- A. Make, model of device
- B. Location of device
- C. Device serial number or other unique identification
- D. Proof of purchase
正解: A,B,C
質問 49
SELECT ALL THAT APPLY
Select all audit trails that must be recorded for all system components according to requirement 10.3
- A. User identification
- B. Date and time
- C. Type of event
- D. Origination of event
- E. Success or failure identification
- F. Identity or name of affected data, system component, or resource
正解: A,B,C,D,E,F
質問 50
Compensating controls must: (Select ALL that applies)
- A. Be "above and beyond" other PCI DSS requirement (i.e., not simply in compliance with other requirements)
- B. Sufficiently offset the risk that the original PCI DSS requirement was designed to defend against
- C. Be commensurate with additional risk imposed by not adhering to original requirement
- D. Meet the intent and rigor of the original PCI requirement
正解: A,B,C,D
質問 51
Track and monitor all access to network resources and cardholder data is the ___________
- A. Requirement 10
- B. Requirement 11
- C. Requirement 8
- D. Requirement 9
正解: A
質問 52
If an e-commerce service provider was deemed eligible to complete an SAQ, which SAQ would they use?
- A. SAQ C
- B. SAQ A
- C. SAQ B
- D. SAQ D
正解: D
質問 53
Merchants with segmented payment application systems connected to the Internet, no electronic cardholder data storage, may be eligible to use what SAQ?
- A. SAQ A
- B. SAQ B
- C. SAQ C-VT
- D. SAQ D
- E. SAQ C
正解: E
質問 54
Maintain a policy that addresses information security for all personnel is the ________
- A. Requirement 11
- B. Requirement 9
- C. Requirement 10
- D. Requirement 12
正解: D
質問 55
In the event of a violation of the PCIP Qualification Requirements, disciplinary actions for PCIPs could include:
- A. Written warning, suspension, revocation
- B. Verbal warning, one-off fine, revocation
- C. Verbal warning, suspension, monthly fines
- D. Written warning, remediation, monthly fines
正解: A
質問 56
PCI DSS Requirement 1 covers:
- A. Masking of PAN wherever it is displayed
- B. Implementation of firewalls between the CDE and untrusted networks
- C. Secure development of DMZ applications and systems
- D. Installation of anti-virus software
正解: B
質問 57
For initial PCI DSS compliance, it's not required that four quarters of passing scans must be completed if the assessor verifies that 1) the most recent scan result was a passing scan, 2) the entity has documented policies and procedures requiring quarterly scanning, and 3) vulnerabilities noted in the scan results have been corrected as shown in a re-scan(s).
- A. True
- B. False
正解: A
質問 58
Imprint-Only Merchants with no electronic storage of cardholder data may be eligible to use which SAQ?
- A. SAQ B
- B. SAQ A
- C. SAQ D
- D. SAQ C/VT
正解: A
質問 59
......
試験合格保証有効なPCI PCIP3.0問題集:https://jp.fast2test.com/PCIP3.0-premium-file.html