최신 QSA_New_V4 무료덤프 - PCI SSC Qualified Security Assessor V4

A. Only software which runs on PCI PTS devices.

B. Any payment software in the CDE.

C. Validated Payment Applications that are listed by PCI SSC and have undergone a PA-DSS assessment.

D. Software developed by the entity in accordance with the Secure SLC Standard.

A. All network transmissions.

B. All access to all audit trails.

C. All use of end-user messaging technologies.

D. All access to external web sites.

A. The decryption keys must be associated with the local user account database.

B. The disk encryption system must use the same user account authenticator as the operating system.

C. Access to the disk encryption must be managed independently of the operating system access control mechanisms.

D. The decryption keys must be stored within the local user account database.

A. At least weekly

B. Only after a valid change is installed

C. Periodically as defined by the entity

D. At least monthly

A. In scope only if it stores, processes or transmits cardholder data.

B. In scope for PCI DSS.

C. Not in scope for PCI DSS.

D. In scope only if it provides authentication services to systems in the DMZ.

A. Ensure all vulnerabilities are addressed within 30 days.

B. Replace the need for quarterly ASV scans.

C. Ensure that critical security patches are installed at least quarterly.

D. Prioritize the highest risk items so they can be addressed more quickly.

A. At least 2 years, with the most recent 3 months immediately available.

B. At least 3 months, with the most recent month immediately available.

C. At least 1 year, with the most recent 3 months immediately available.

D. At least 2 years, with the most recent month immediately available.