PCI ISA Questions and Answers with Certified Solutions

EXAMS AND CERTIFICATIONS May 21, 2024
QSAs must retain work papers for a minimum of _______ years. It is a recommendation for ISAs to do the same. ✔✔3

According to PCI DSS requirement 1, Firewall and router rule sets need to be reviewed every _____ months. ✔✔6

At least ______________ and prior to the annual assessment the assessed entity:

- Identifies all locations and flows of cardholder data to verify they are included in the CDE
- Confirms the accuracy of their PCI DSS scope
- Retains their scoping documentation for assessor reference ✔✔annually

scope includes ✔✔ppl process, tech

Evidence Retention

It is recommended that the ISA secure and maintain digital and/or hard copies of case logs, audit results and work papers, notes, and any technical information that was created and/or obtained during the PCI Data Security Assessment for a minimum of ________ or as applicable to company data retention policies ✔✔of three (3) years

A (time) ______ process for identifying and securely deleting stored cardholder data that exceeds defined retention requirements. ✔✔quarterly

Do not store SAD after ____________ (even if encrypted). (track data / cvc / pin) ✔✔authorization

Manual clear-text key-management procedures specify processes for the use of the following ✔✔Split knowledge. Dual control

Dual control ✔✔at least two people are required to perform any key-management operations and no one person has access to the authentication materials (for example, passwords or keys) of another

Split knowledge ✔✔key components are under the control of at least two people who only have knowledge of their own key components