QSA_New_V4 無料問題集「PCI SSC Qualified Security Assessor V4」

（A）Certificates are logged so they can be retrieved when the employee leaves the company.

（B）A different certificate is assigned to each individual user account, and certificates are not shared.

（C）Certificates are assigned only to administrative groups, and not to regular users.

（D）Change control processes are in place to ensure certificates are changed every 90 days.

（A）Any in-scope system except for those identified as 'not at risk' from malware.

（B）All portable electronic storage.

（C）All CDE systems, connected systems, NSCs, and security-providing systems.

（D）All systems that store PAN.

（A）Only a Qualified Security Assessor (QSA).

（B）Entity being assessed.

（C）Card brands or acquirer.

（D）Either a QSA, AQSA, or PCIP.

（A）Prioritize the highest risk items so they can be addressed more quickly.

（B）Ensure that critical security patches are installed at least quarterly.

（C）Ensure all vulnerabilities are addressed within 30 days.

（D）Replace the need for quarterly ASV scans.

（A）The AOC must be signed by both the merchant/service provider and by PCI SSC.

（B）The same AOC template is used for ROCs and SAQs.

（C）The AOC must be signed by either the merchant/service provider or the QSA/ISA.

（D）There are different AOC templates for service providers and merchants.

（A）A user fingerprint and a user thumbprint.

（B）A user password and a PIN-activated smart card.

（C）A user passphrase and an application-level password.

（D）A token that must be presented twice during the login process.

（A）Security policy and procedure documents

（B）Application vendor manuals

（C）System configuration and parameter files

（D）Files that regularly change