QSA_New_V4無料問題集「PCI SSC Qualified Security Assessor V4」

質問 1

Which statement about the Attestation of Compliance (AOC) is correct?

（A）The AOC must be signed by both the merchant/service provider and by PCI SSC.

（B）The same AOC template is used for ROCs and SAQs.

（C）The AOC must be signed by either the merchant/service provider or the QSA/ISA.

（D）There are different AOC templates for service providers and merchants.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

A sample of business facilities is reviewed during the PCI DSS assessment. What is the assessor required to validate about the sample?

（A）All types and locations of facilities are represented.

（B）It includes a consistent set of facilities that are reviewed for all assessments.

（C）The number of facilities in the sample is at least 10 percent of the total number of facilities.

（D）Every facility where cardholder data is stored is reviewed.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

What is the intent of classifying media that contains cardholder data?

（A）Ensuring that all media is consistently destroyed on the same schedule, regardless of the contents.

（B）Ensuring that media containing cardholder data Is moved from secured areas an a quarterly basis.

（C）Ensuring that media is properly protected according to the sensitivity of the data it contains.

（D）Ensuring that media is clearly and visibly labeled as "Confidential" so all personnel know that the media contains cardholder data.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which scenario meets PCI DSS requirements for restricting access to databases containing cardholder data?

（A）User access to the database is only through programmatic methods.

（B）Direct queries to the database are restricted to shared database administrator accounts.

（C）Application IDs for database applications can only be used by database administrators.

（D）User access to the database is restricted to system and network administrators.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

Which statement is true regarding the use of intrusion detection techniques, such as intrusion detection systems and/or intrusion protection systems (IDS/IPS)?

（A）Intrusion detection techniques are required to alert personnel of suspected compromises.

（B）Intrusion detection techniques are required to identify all instances of cardholder data.

（C）Intrusion detection techniques are required on all system components.

（D）Intrusion detection techniques are required to isolate systems in the cardholder data environment from all other systems.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

At which step in the payment transaction process does the merchant's bank pay the merchant for the purchase, and the cardholder's bank bill the cardholder?

（A）Chargeback

（B）Clearing

（C）Settlement

（D）Authorization

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Which statement is true regarding the presence of both hashed and truncated versions of the same PAN in an environment?

（A）The hashed version of the PAN must also be truncated per PCI DSS requirements for strong cryptography.

（B）The hashed and truncated versions must be correlated so the source PAN can be identified.

（C）Hashed and truncated versions of a PAN must not exist in same environment.

（D）Controls are needed to prevent the original PAN being exposed by the hashed and truncated versions.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

QSA_New_V4 無料問題集「PCI SSC Qualified Security Assessor V4」

弊社を連絡する

関連リンク

トップ試験