{"id":109626,"date":"2023-07-24T18:27:11","date_gmt":"2023-07-24T18:27:11","guid":{"rendered":"https:\/\/learnexams.com\/blog\/?p=109626"},"modified":"2023-07-24T18:27:18","modified_gmt":"2023-07-24T18:27:18","slug":"pci-isa-exam-question-and-answers-2023","status":"publish","type":"post","link":"https:\/\/www.learnexams.com\/blog\/2023\/07\/24\/pci-isa-exam-question-and-answers-2023\/","title":{"rendered":"PCI ISA Exam Question And Answers 2023"},"content":{"rendered":"\n<p>QSAs must retain work papers for a minimum of <strong><em>_<\/em><\/strong> years. It is a recommendation for ISAs to do the same.<br>3<\/p>\n\n\n\n<p>According to PCI DSS requirement 1, Firewall and router rule sets need to be reviewed every <strong>_<\/strong> months.<br>6<\/p>\n\n\n\n<p>At least <strong><em><strong><em>__<\/em><\/strong><\/em><\/strong> and prior to the annual assessment the assessed entity:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Identifies all locations and flows of cardholder data to verify they are included in the CDE<\/li>\n\n\n\n<li>Confirms the accuracy of their PCI DSS scope<\/li>\n\n\n\n<li>Retains their scoping documentation for assessor reference<br>annually<\/li>\n<\/ul>\n\n\n\n<p>scope includes<br>ppl process, tech<\/p>\n\n\n\n<p>Evidence Retention<br>It is recommended that the ISA secure and maintain digital and\/or hard copies of case logs, audit results and work papers, notes, and any technical information that was created and\/or obtained during the PCI Data Security Assessment for a minimum of <strong><em>__<\/em><\/strong> or as applicable to company data retention policies<br>of three (3) years<\/p>\n\n\n\n<p>A (time) <strong>__<\/strong> process for identifying and securely deleting stored cardholder data that exceeds defined retention requirements.<br>quarterly<\/p>\n\n\n\n<p>Do not store SAD after <strong><em><strong>__<\/strong><\/em><\/strong> (even if encrypted). 
(track data \/ cvc \/ pin)<br>authorization<\/p>\n\n\n\n<p>manual clear-text key-management procedures specify processes for the use of the following<br>Split knowledge. Dual control<\/p>\n\n\n\n<p>Dual control<br>at least two people are required to perform any key-management operations and no one person has access to the authentication materials (for example, passwords or keys) of another<\/p>\n\n\n\n<p>Split knowledge<br>key components are under the control of at least two people who only have knowledge of their own key components<\/p>\n\n\n\n<p>PAN is rendered unreadable in which ways<br>hash<br>mask<br>encrypt<br>pad<\/p>\n\n\n\n<p>Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within <strong>_<\/strong> of release.<br>one month<\/p>\n\n\n\n<p>Installation of all applicable vendor-supplied security patches within an <strong><em><strong><em>_______<\/em><\/strong><\/em><\/strong><br>appropriate time frame (for example, within three months)<\/p>\n\n\n\n<p>Make sure change control has these 4 things<br>impact<br>testing (PCI review)<br>backout<br>approval<\/p>\n\n\n\n<p>Train developers at least <strong><em>__<\/em><\/strong> in up-to-date secure coding techniques, including how to avoid common coding vulnerabilities, and understanding how sensitive data is handled in memory.<br>annually<\/p>\n\n\n\n<p>Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least <strong><em><strong><em>_______<\/em><\/strong><\/em><\/strong><\/p>\n\n\n\n<p>or<\/p>\n\n\n\n<p>automated technical solution that detects and prevents web-based attacks active <strong><em>_<\/em><\/strong><br>annually and after any changes<\/p>\n\n\n\n<p>all the time<\/p>\n\n\n\n<p>Observe user accounts to verify that any inactive accounts over <strong><em>__<\/em><\/strong> are either removed or 
disabled.<br>90 days old<\/p>\n\n\n\n<p>For a sample of system components, inspect system configuration settings to verify that authentication parameters are set to require that user accounts be locked out after not more than <strong><em><strong>_<\/strong><\/em><\/strong> invalid logon attempts.<br>6<\/p>\n\n\n\n<p>once a user account is locked out, it remains locked for a minimum of <strong><em><strong><em>_<\/em><\/strong><\/em><\/strong> or <strong><em><strong>__<\/strong><\/em><\/strong><br>30 mins or until a system administrator resets the account<\/p>\n\n\n\n<p>idle timeout features have been set to <strong><em>__<\/em><\/strong><br>15 mins or less<\/p>\n\n\n\n<p>For a sample of system components, inspect system configuration settings to verify that user password\/passphrase parameters are set to require users to change passwords at least once every <strong>__<\/strong>.<br>90 days<\/p>\n\n\n\n<p>new passwords\/passphrases cannot be the same as the <strong><em><strong>__<\/strong><\/em><\/strong> previously used passwords\/passphrases<br>4<\/p>\n\n\n\n<p>Verify that data from video cameras and\/or access control mechanisms is reviewed, and that data is stored for <strong><em><strong><em>__<\/em><\/strong><\/em><\/strong><br>at least three months.<\/p>\n\n\n\n<p>visitor log is<br>retained for 3 months<br>name,<br>firm,<br>escort<\/p>\n\n\n\n<p>Verify that the storage location security is reviewed at least <strong><em>_<\/em><\/strong> to confirm that backup media storage is secure.<br>annually<\/p>\n\n\n\n<p>Review media inventory logs to verify that logs are maintained and media inventories are performed at least <strong><em><strong><em>_<\/em><\/strong><\/em><\/strong><br>annually<\/p>\n\n\n\n<p>reviewing the following at least <strong><em>__<\/em><\/strong>, either manually or via log tools:<\/p>\n\n\n\n<p>All security events<br>Logs of all system components that store, process, or transmit CHD and\/or SAD<br>Logs of all critical system components<br>Logs 
of all servers and system components that perform security functions<br>daily<\/p>\n\n\n\n<p>reviewing logs of all other system components <strong><em>_<\/em><\/strong>\u2014either manually or via log tools\u2014based on the organization&#8217;s policies and risk management strategy.<br>periodically<\/p>\n\n\n\n<p>retaining audit logs for at least <strong><em>, with a minimum of <strong><em>_______<\/em><\/strong><\/em><\/strong> immediately available online<br>one year<\/p>\n\n\n\n<p>3 months<\/p>\n\n\n\n<p>Implement processes to test for the presence of wireless access points (802.11), and detect and identify all authorized and unauthorized wireless access points on a <strong><em><strong><em>___<\/em><\/strong><\/em><\/strong> basis<br>quarterly<\/p>\n\n\n\n<p>Run internal and external network vulnerability scans at least <strong><em>_ and <strong>__________<\/strong><\/em><\/strong> in the network<br>quarterly and after any significant change<\/p>\n\n\n\n<p>verify that <strong><em><strong><em>_<\/em><\/strong> internal\/(external ASV) scans occurred in the most recent<\/em><\/strong><br>four quarterly<\/p>\n\n\n\n<p>12-month period<\/p>\n\n\n\n<p>penetration testing when?<\/p>\n\n\n\n<p>how about service providers on segmentation controls?<br>quarterly and after significant changes<\/p>\n\n\n\n<p>6 months and significant changes<\/p>\n\n\n\n<p>IDS\/IPS where?<br>at the perimeter of the CDE and at critical points in the CDE<\/p>\n\n\n\n<p>perform critical file comparisons at least <strong><em><strong>_<\/strong><\/em><\/strong><br>weekly<\/p>\n\n\n\n<p>information security policy reviewed when?<br>annually and after significant changes<\/p>\n\n\n\n<p>entities monitor their service providers&#8217; PCI DSS compliance status at least <strong><em>__<\/em><\/strong><br>annually<\/p>\n\n\n\n<p>incident response plan tested when?<br>annually<\/p>\n\n\n\n<p>service providers only: Perform reviews at least <strong>_<\/strong> to confirm personnel are following security policies and operational 
procedures.<br>quarterly<\/p>\n\n\n\n<p>Where POS POI terminals (and the SSL\/TLS termination points to which they connect) use SSL and\/or early TLS, the entity must either:<br>Confirm the devices are not susceptible to any known exploits for those protocols, or<br>Have a formal Risk Mitigation and Migration Plan in place<\/p>\n\n\n\n<p>DESV User accounts and access privileges are reviewed at least every <strong><em>_<\/em><\/strong><br>six months<\/p>\n\n\n\n<p>PCI DSS requirements are applicable wherever <strong><em><strong><em>___<\/em><\/strong><\/em><\/strong> is stored, processed, or transmitted<br>PAN or SAD<\/p>\n\n\n\n<p>Contains all fields of both Track 1 and Track 2<br>track 1 (Length up to 79 characters)<\/p>\n\n\n\n<p>track 2 contains?<br>Provides shorter processing time for older dial-up transmissions<br>Length up to 40 characters<\/p>\n\n\n\n<p>If you find a potential card number, you can use a <strong><em>__<\/em><\/strong> check to see if it is a valid card number<br>mod 10 (luhn)<\/p>\n\n\n\n<p>Examine documented results of scope reviews and interview personnel to verify that the reviews are performed:<br>At least quarterly<br>After significant changes to the in-scope environment<\/p>\n\n\n\n<p>processes are defined and implemented to review hardware and software technologies when?<br>annually<\/p>\n","protected":false},"excerpt":{"rendered":"<p>QSAs must retain work papers for a minimum of _ years. 
It is a recommendation for ISAs to do the same.3 According to PCI DSS requirement 1, Firewall and router rule sets need to be reviewed every _ months.6 At least __ and prior to the annual assessment the assessed entity: scope includesppl process, tech [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","categories":[],"tags":[],"class_list":["post-109626","post","type-post","status-publish","format-standard","hentry"]}