QUESTION 10
Passwords for default accounts and default administrative accounts should be?

QUESTION 11
What would be an appropriate strength for the key-encrypting key (KEK) used to protect an AES 128 bit data-encrypting key (DEK)

QUESTION 12
An entity is using custom software in their CDE.The custom software was developed using processes that were assessed by a Secure Software Lifecycle assessor and found to be fully compliant with the Secure SLC standard.What impact will this have on the entity’s PCI DSS assessment?

QUESTION 13
In accordance with PCI DSS Requirement 10. how long must audit logs be retained?

QUESTION 14
What must be included m an organization’s procedures for managing visitors9

QUESTION 15
Which statement about the Attestation of Compliance (AOC) is correct?

QUESTION 16
Which of the following file types must be monitored by a change-detection mechanism (for example, a file-integrity monitoring tool)?

QUESTION 17
Which of the following is true regarding internal vulnerability scans?

QUESTION 18
What do PCI DSS requirements for protecting cryptographic keys include?

QUESTION 19
In the ROC Repotting Template, which of the following is the best approach for a response where the requirement was in Place”?

QUESTION 20
If disk encryption is used to protect account data what requirement should be met for the disk encryption solution?

QUESTION 21
Which of the following statements is true regarding track equivalent data on the chip of a payment card?

QUESTION 22
A retail merchant has a server room containing systems that store encrypted PAN data. The merchant has implemented a badge access-control system that identities who entered and exited the room onwhat date and at what time There are no video cameras located in the server room Based on this information, which statement is true regarding PCI DSS physical security requirements?

QUESTION 23
What does the PCI PTS standard cover?

QUESTION 24
An organization has implemented a change-detection mechanism on their systems. How often must critical file comparisons be performed?

QUESTION 25
According torequirement 1,what is the purpose of “Network Security Controls?

QUESTION 26
Which of the following is true regarding compensating controls?

QUESTION 27
An internal NTP server that provides lime services to the Cardholder Data Environment is?

QUESTION 28
At which step in the payment transaction process does the merchants bank pay the merchant for the purchase and the cardholder s bank bill the cardholder?

QUESTION 29
An entity wants to use the Customized Approach. They are unsure how to complete the Controls Matrix or TRA During the assessment, you spend time completing the Controls Matrix and the TRA. while also ensuing that the customized control is implemented securely Which of the following statements is true?

QUESTION 30
Which statement is true regarding the presence of both hashed and truncated versions ofthe same PAN in an environment?

QUESTION 31
Viewing of audit log files should be limited to?

QUESTION 32
What should the assessor verify when testing that cardholder data is protected whenever it is sent over open public networks?

QUESTION 33
An entity accepts e-commerce payment card transactions and stores account data in a database The database server and the web server are both accessible from the Internet The database server and the web server are on separate physical servers. What is required for the entity to meet PCI DSS requirements7