PCI ISA FLASHCARDS 3.2.1 EXAM (ACTUAL / )
QUESTION AND VERIFIED ANSWERS
How often should unnecessary stored data be purged? at least quarterly
A user is locked out after _____ wrong attempts 6
If a session has been idle for _____ minutes, a user must re-authenticate to re-activate the terminal or session 15 mins
Once a user account is locked out, it remains locked out for a minimum of _____ or _____ 30 mins or until a system administrator resets the account.
Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least ____ or ____ Annually and after any changes or all the time
What are "shared services"? common system components that provide services to many system components across an organization such as domain name service and network time protocol
What is NTP and is it in scope? Network Time Protocol: sets all system computers to the same time. Yes, this server has access into cardholder data environment to provide set time and date
Active Directory, NTP, DNS, Patches, and SMTP are examples of ____ Shared Services that are in scope for PCI
Verify that storage location security is reviewed at least _____ to confirm that backup media storage is secure annually
Review media inventory logs to verify that logs are maintained and media inventories are performed at least annually
Data (media) from video cameras, access controls to sensitive areas is stored for at least ______
- months
Software should be configured to perform critical file comparisons at least weekly
Implement processes to detect the presence of Wireless Access Points (WAP) both authorized and unauthorized points _____ Quarterly
Incident response plan is to be tested at least annually
Audit trails (logs) should be stored for ___ and ____ for immediate availability
- year and 3 months