최신 QSA_New_V4 무료덤프 - PCI SSC Qualified Security Assessor V4

문제1

Which scenario meets PCI DSS requirements for restricting access to databases containing cardholder data?

A. Direct queries to the database are restricted to shared database administrator accounts.

B. User access to the database is restricted to system and network administrators.

C. Application IDs for database applications can only be used by database administrators.

D. User access to the database is only through programmatic methods.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제2

Where can live PANs be used for testing?

A. Production (live) environments only.

B. Pre-production environments that are located within the CDE.

C. Pre-production (test) environments only it located outside the CDE.

D. Testing with live PANs must only be performed in the OSA Company environment.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제3

Which statement about PAN is true?

A. It must be protected with strong cryptography for transmission over private wired networks.

B. It does not require protection for transmission over public wireless networks.

C. It must be protected with strong cryptography for transmission over private wireless networks.

D. It does not require protection for transmission over public wired networks.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제4

PCI DSS Requirement 12.7 requires screening and background checks for which of the following?

A. Personnel with access to the cardholder data environment.

B. All personnel employed by the organization.

C. Cashiers with access to one card number at a time.

D. Visitors with access to the organization's facilities.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제5

According to the glossary, "bespoke and custom software" describes which type of software?

A. Software developed by an entity for the entity's own use.

B. Virtual payment terminals.

C. Any software developed by a third party that can be customized by an entity.

D. Any software developed by a third party.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제6

What must be included in an organization's procedures for managing visitors?

A. Visitor log includes visitor name, address, and contact phone number.

B. Visitor badges are identical to badges used by onsite personnel.

C. Visitors retain their identification (for example, a visitor badge) for 30 days after completion of the visit.

D. Visitors are escorted at all times within areas where cardholder data is processed or maintained.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제7

Could an entity use both the Customized Approach and the Defined Approach to meet the same requirement?

A. Yes, if the entity uses no compensating controls.

B. Yes, if the entity is eligible to use both approaches.

C. No, because a single approach must be selected.

D. No, because only compensating controls can be used with the Defined Approach.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

최신 QSA_New_V4 무료덤프 - PCI SSC Qualified Security Assessor V4

우리와 연락하기

유용한 링크

최신 업데이트