Online Access Free Assessor_New_V4 Exam Questions

An entity accepts e-commerce payment card transactions and stores account data in a database The database server and the web server are both accessible from the Internet The database server and the web server are on separate physical servers. What is required for the entity to meet PCI DSS requirements7

• A.The web server and the database server should be installed on the same physical server
• B.The database server should be moved to a separate segment from the web server to allow for more concurrent connections
• C.The database server should be relocated so that it is not accessible from untrusted networks
• D.The web server should be moved into the internal network

Which statement about the Attestation of Compliance (AOC) is correct?

• A.The AOC must be signed by either the merchant service provider or the QSA'ISA
• B.The AOC must be signed by both the merchant/service provider and by PCI SSC
• C.The same AOC template is used for ROCs and SAQs
• D.There are different AOC templates for service providers and merchants

Security policies and operational procedures should be?

• A.Encrypted with strong cryptography
• B.Reviewed and updated at least quarterly
• C.Stored securely so that only management has access
• D.Distributed to and understood by all affected parties

PCI DSS Requirement 12.7 requires screening and background checks for which of the following?

• A.Personnel with access to the cardholder data environment.
• B.Visitors with access to the organization s facilities
• C.Cashiers with access to one card number at a time
• D.All personnel employed by the organization

Which statement is true regarding the presence of both hashed and truncated versions of the same PAN in an environment?

• A.Controls are needed to prevent the original PAN being exposed by the hashed and truncated versions
• B.The hashed version of the PAN must also be truncated per PCI OSS requirements for strong cryptography.
• C.Hashed and truncated versions of a PAN must not exist in same environment
• D.The hashed and truncated versions must be correlated so the source PAN can be identified