NO.48 Requirement 11.3 – Implement a methodology for penetration testing is a best practice until June 30 2015

NO.49 Quarterly internal vulnerability scans should be executed and rescans as needed until what point?

NO.50 Please select all possible disciplinary actions that may be applicable in case of violation of PCI Code of
Professional Responsibility

NO.51 A company that ________ is considered to be a service provider.

NO.52 To be compliant with requirement 8.1.4 you have to remove/disable inactive user accounts at least every

NO.53 All other merchants (not included in the descriptions for SAQs A, B, or C) and all service providers defined by a payment brand as eligible to complete an SAQ may be completing what SAQ?

NO.54 Intrusion-detection and/or intrusion-prevention techniques are NOT a requirement to monitor all traffic at the perimeter of the cardholder data environment as well as at critical points in the CDE and alert personnel to suspected compromises.

NO.55 When evaluating “above and beyond” for compensating controls, an existing PCI DSS requirement MAY be considered as compensating controls if they are required for another area, but are not required for the item under review

NO.56 The use of two-factor authentication is NOT a requirement on PCI DSS v3 for remote network access originating from outside the network by personnel and all third parties.

NO.57 According to Requirement 10.4 the use of Time synchronization like NTP should be implemented on all critical systems for acquiring, distributing, and storing time.

NO.58 The P2PE Standard covers:

NO.59 Maintain a policy that addresses information security for all personnel is the ________

NO.60 Merchants with segmented payment application systems connected to the Internet, no electronic cardholder data storage, may be eligible to use what SAQ?

NO.61 PCI compliance do not apply on Virtualized environments

NO.62 Internal and external penetration tests should be performed_______________ to meet requirement
1 1.3.1 and 11.3.2

NO.63 In order to be considered a compensating control, which of the following must exist:

NO.64 SELECT ALL THAT APPLY
To be compliant with requirement 9.9 an updated list of all card-reading devices used in card-present transactions at the point of sale must be kept by June 30 2015 including the following:

NO.65 Identify and authenticate access to system components is the __________

NO.66 It’s NOT required that all four quarters of passing scan in order to meet requirement 11.2

NO.67 PCIPs are required to adhere to the Code of Professional Responsibility, which includes:

NO.68 The implementation of a Security Awareness Program (Requirement 12.6) requires that personnel must be educated upon hire and at least

NO.69 An user should be required to re-authenticate to activate the terminal or session if it’s been idle for more than

NO.70 Protect all systems against malware and regularly updated anti-virus software or programs is the
____________

NO.71 Merchants involved with only card-not-present transactions that are completely outsourced to a PCI DSS complaint service provider may be eligible to use?