[Jun-2022] The Best PCI Certification PCIP3.0 Professional Exam Questions [Q19-Q39]

2022 年 6 月] 最佳 PCI 认证 PCIP3.0 专业考试试题 [Q19-Q39] [Jun-2022

6 月 21, 2022 管理 0 条评论

给本帖评分

[Jun-2022] The Best PCI Certification PCIP3.0 Professional Exam Questions

Try 100% Updated PCIP3.0 Exam Questions [2022]

Benefits in Obtaining PCI PCIP3.0 Certification

Becoming a PCI Professional indicates a degree of understanding that can provide a solid base for a career in the payment security industry. Security professionals, managers, executives, sales engineers, application developers, product managers and marketing professionals, independent consultants are few of the many individuals who may be interested in this programme. PCIP status also provides a solid base for potential career advancements to other PCI certifications such as QSA or ISA. By becoming a PCIP, the applicant joins other committed practitioners in pursuing account data security and the atmosphere in which such information is stored, processed or transmitted.

Earning this certification gives you a competitive advantage by developing a skill set that’s in demand in the world. By getting this certification will help you in promotion, increase in wages, or other career improvements.

Topics of PCI PCIP3.0 Exam

PCIP Course outlines the PCI Standards and helps the candidates achieve the abilities to build a secure payment environment for their companies to help them achieve PCI compliance. Following are some of the topics included in the course and exam:

How and when to use Self-Assessment Questionnaires (SAQs)
Overview of basic payment industry terminology
Understanding the transaction flow
Principles of PCI DSS, PA-DSS, PCI PTS, and PCI P2PE Standards
Working with third-parties and service providers

第 19 号 Passwords/Passphrases should not be allowed if the same of the last ____ used passwords/passphrases.
(Requirement 8.2.5)

NO.20 In the event of a violation of the PCIP Qualification Requirements, disciplinary actions for PCIPs could include:

Verbal warning, one-off fine, revocation

Written warning, remediation, monthly fines

Verbal warning, suspension, monthly fines

Written warning, suspension, revocation

第 21 号 PCI DSS Requirement 1 covers:

Implementation of firewalls between the CDE and untrusted networks

Secure development of DMZ applications and systems

Masking of PAN wherever it is displayed

Installation of anti-virus software

第 22 号 应每季度执行一次内部漏洞扫描，并根据需要重新扫描，直到什么时候？

解决所有已发现的漏洞

直到获得 PCI 扫描合格分数为止

高风险漏洞（如要求 6.1 所定义）得到解决

高风险和中等风险漏洞得到解决

第 23 号 Storing track data “long-term” or “persistently” is permitted when

it’s reported to the PCI SSC annually in a RoC

it’s hashed by the merchant storing it

it’s been stored by issuers

it’s encrypted by the merchant storing it

第 24 号 要符合要求 8.1.4，必须至少每隔一段时间删除/禁用非活动用户账户。

180 天

90 天

60 天

30 天

NO.25 商户的分段支付应用系统与互联网相连，没有电子持卡人数据存储，可以使用什么 SAQ？

SAQ B

SAQ A

SAQ C-VT

SAQ D

SAQ C

NO.26 Requirement 3.5 requires document and implement procedures to protect keys used to secure stored cardholder data against disclose and misuse. This requirement applies to keys used to encrypt stored cardholder data, and also applies to key-encrypting keys used to protect data-encrypting keys. Such key-encrypting keys must be

at least as strong as the data-encrypting keys

less stronger as the data-encrypting keys

stored at the same location of the data-encrypting key

stronger than the data-encrypting keys

NO.27 PCI DSS Requirement Appendix A is intended for:

Shared hosting providers

Any third party that stores, processes, or transmits cardholder data on behalf of another entity

Issuing banks and acquirers

Merchants with data center environments

NO.28 Which of the following lists the correct “order” for the flow of a payment card transaction?

Clearing, Settlement, Authorization

Clearing, Authorization, Settlement

Authorization, Settlement, Clearing

Authorization, Clearing, Settlement

NO.29 请选择所有可能适用于违反《PCI 职业道德准则》的纪律处分。
职业责任

撤销

悬挂

警告

费用

NO.30 Which of the following entities will ultimately approve a purchase?

Merchant

Payment Transaction Gateway

Issuing Bank

Acquiring Bank

第 31 号 如果用户的终端或会话闲置时间超过

30 分钟

10 分钟

15 分钟

60 分钟

第 32 号 What is the NIST standards that provides password complexity requirements

800-57

800-61

800-53

800-63

NO.33 Merchants using only web-based virtual payment terminals, no electronic cardholder data storage, may be eligible to use what SAQ?

SAQ C

SAQ B

SAQ A

SAQ C-VT

SAQ D

NO.34 When masking the PAN what is the maximum number of digits allowed to be displayed

The first four and the last four

The first six and the last four

The display of PAN digits are prohibited

The first four and the last six

第 35 号 PCIP 必须遵守《职业责任准则》，其中包括

遵守行业法律和标准

对违反道德的行为进行主观评价

与其他 PCIP 共享机密信息

执行 PCI DSS 合规性评估

第 36 号 对于人员和所有第三方从网络外部进行远程网络访问，PCI DSS v3 并不要求使用双因素身份验证。

假的

正确

NO.37 Imprint-Only Merchants with no electronic storage of cardholder data may be eligible to use which SAQ?

SAQ C/VT

SAQ D

SAQ B

SAQ A

第 38 号 ________ 的公司被视为服务提供商。

是一个支付卡品牌

是 PCI SSC 的创始成员

控制，或可能影响另一个实体的安全。

不是商人

第 39 号 According to requirement 11.1 you must implement a process to test for the presence of wireless access points and detect and identify all authorized and unauthorized wireless access points on every

60 day

3 个月

30 天

6 months

加载中 …