최신 QSA_New_V4 무료덤프 - PCI SSC Qualified Security Assessor V4

A. Software developed by an entity for the entity's own use.

B. Virtual payment terminals.

C. Any software developed by a third party that can be customized by an entity.

D. Any software developed by a third party.

A. At least weekly

B. Only after a valid change is installed

C. Periodically as defined by the entity

D. At least monthly

A. All portable electronic storage.

B. All systems that store PAN.

C. Any in-scope system except for those identified as 'not at risk' from malware.

D. All CDE systems, connected systems, NSCs, and security-providing systems.

A. The hashed and truncated versions must be correlated so the source PAN can be identified.

B. Controls are needed to prevent the original PAN being exposed by the hashed and truncated versions.

C. Hashed and truncated versions of a PAN must not exist in same environment.

D. The hashed version of the PAN must also be truncated per PCI DSS requirements for strong cryptography.

A. You must document the work on the customized control in the ROC, but you can not assess the control or the documentation.

B. You can assess the customized control and verify that the customized approach was correctly followed, but you must document this in the ROC.

C. You can assess the customized control, but another assessor must verify that you completed the TRA correctly.

D. Assessors are not allowed to assist an entity with the completion of the Controls Matrix or the TRA.

A. It must be protected with strong cryptography tor transmission over private wired networks.

B. It does not require protection for transmission over public wireless networks.

C. It must be protected with strong cryptography for transmission over private wireless networks.

D. It does not require protection for transmission over public wired networks.

A. RSA 512

B. AES 128

C. ROT 13

D. DES 256