This page was exported from Top Exam Collection [ http://blog.topexamcollection.com ] Export date:Fri Apr 11 5:47:01 2025 / +0000 GMT ___________________________________________________ Title: Valid PCI Certification PCIP3.0 Dumps Ensure Your Passing [Q48-Q71] --------------------------------------------------- Valid PCI Certification PCIP3.0 Dumps Ensure Your Passing PCIP3.0 Dumps Real Exam Questions Test Engine Dumps Training NO.48 Requirement 11.3 – Implement a methodology for penetration testing is a best practice until June 30 2015  True  False NO.49 Quarterly internal vulnerability scans should be executed and rescans as needed until what point?  All identified vulnerabilities are resolved  Until you get a PCI Scan passing score  High-risk vulnerabilities (as defined in Requirement 6.1) are resolved  High and medium risks vulnerabilities are resolved NO.50 Please select all possible disciplinary actions that may be applicable in case of violation of PCI Code ofProfessional Responsibility  Revocation  Suspension  Warning  Fee NO.51 A company that ________ is considered to be a service provider.  is a payment card brand  is a founding member of PCI SSC  controls or could impact the security of another entity’s  is not also a merchant NO.52 To be compliant with requirement 8.1.4 you have to remove/disable inactive user accounts at least every  180 days  90 days  60 days  30 days NO.53 All other merchants (not included in the descriptions for SAQs A, B, or C) and all service providers defined by a payment brand as eligible to complete an SAQ may be completing what SAQ?  SAQ C  SAQ B  SAQ D  SAQ A NO.54 Intrusion-detection and/or intrusion-prevention techniques are NOT a requirement to monitor all traffic at the perimeter of the cardholder data environment as well as at critical points in the CDE and alert personnel to suspected compromises.  False  True NO.55 When evaluating “above and beyond” for compensating controls, an existing PCI DSS requirement MAY be considered as compensating controls if they are required for another area, but are not required for the item under review  True  False NO.56 The use of two-factor authentication is NOT a requirement on PCI DSS v3 for remote network access originating from outside the network by personnel and all third parties.  False  True NO.57 According to Requirement 10.4 the use of Time synchronization like NTP should be implemented on all critical systems for acquiring, distributing, and storing time.  False  True NO.58 The P2PE Standard covers:  Encryption, decryption, and key management requirements for point-to-point encryption solutions  Secure payment applications for processing transactions  Mechanisms used to protect the PIN and encrypted PIN blocks  Physical security requirements for manufacturing payment cards NO.59 Maintain a policy that addresses information security for all personnel is the ________  Requirement 11  Requirement 12  Requirement 10  Requirement 9 NO.60 Merchants with segmented payment application systems connected to the Internet, no electronic cardholder data storage, may be eligible to use what SAQ?  SAQ B  SAQ A  SAQ C-VT  SAQ D  SAQ C NO.61 PCI compliance do not apply on Virtualized environments  True  False NO.62 Internal and external penetration tests should be performed_______________ to meet requirement1 1.3.1 and 11.3.2  Quarterly  Every 60 days  Yearly  Monthly NO.63 In order to be considered a compensating control, which of the following must exist:  A legitimate technical constraint and a documented business constraint  A documented business constraint  A legitimate technical constraint or a documented business constraint  A legitimate technical constraint NO.64 SELECT ALL THAT APPLYTo be compliant with requirement 9.9 an updated list of all card-reading devices used in card-present transactions at the point of sale must be kept by June 30 2015 including the following:  Device serial number or other unique identification  Make, model of device  Proof of purchase  Location of device NO.65 Identify and authenticate access to system components is the __________  Requirement 8  Requirement 11  Requirement 9  Requirement 10 NO.66 It’s NOT required that all four quarters of passing scan in order to meet requirement 11.2  True  False NO.67 PCIPs are required to adhere to the Code of Professional Responsibility, which includes:  Comply with industry laws and standards  Performing subjective evaluation of ethical violations  Sharing confidential information with other PCIPs  Perform PCI DSS compliance assessments NO.68 The implementation of a Security Awareness Program (Requirement 12.6) requires that personnel must be educated upon hire and at least  Yearly  Quarterly  Every 6 months  Monthly NO.69 An user should be required to re-authenticate to activate the terminal or session if it’s been idle for more than  30 minutes  10 minutes  15 minutes  60 minutes NO.70 Protect all systems against malware and regularly updated anti-virus software or programs is the____________  Requirement 6  Requirement 5  Requirement 4  Requirement 7 NO.71 Merchants involved with only card-not-present transactions that are completely outsourced to a PCI DSS complaint service provider may be eligible to use?  SAQ C/VT  SAQ B  SAQ D  SAQ A  Loading … PCI PCIP3.0: Selling PCI Certification Products and Solutions: https://www.topexamcollection.com/PCIP3.0-vce-collection.html --------------------------------------------------- Images: https://blog.topexamcollection.com/wp-content/plugins/watu/loading.gif https://blog.topexamcollection.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2024-03-09 09:03:18 Post date GMT: 2024-03-09 09:03:18 Post modified date: 2024-03-09 09:03:18 Post modified date GMT: 2024-03-09 09:03:18