What does the PCI PTS standard cover?
A network firewall has been configured with the latest vendor security patches. What additional configuration is needed to harden the firewall?
What should the assessor verify when testing that cardholder data is protected whenever it is sent over open public networks?
An LDAP server providing authentication services to the cardholder data environment is?
What must the assessor verify when testing that PAN is protected whenever it is sent over the Internet?
If segmentation is being used to reduce the scope of a PCI DSS assessment, the assessor will?
An entity accepts e-commerce payment card transactions and stores account data in a database. The database server and the web server are both accessible from the Internet. The database server and the web server are on separate physical servers. What is required for the entity to meet PCI DSS requirements?
A retail merchant has a server room containing systems that store encrypted PAN data. The merchant has implemented a badge access-control system that identifies who entered and exited the room, on what date, and at what time. There are no video cameras located in the server room. Based on this information, which statement is true regarding PCI DSS physical security requirements?
A "Partial Assessment" is a new assessment result. What is a "Partial Assessment"?
Which of the following describes “stateful responses” to communication initiated by a trusted network?
Which of the following is true regarding internal vulnerability scans?
Which statement about PAN is true?
Which of the following file types must be monitored by a change-detection mechanism (e.g., a file-integrity monitoring tool)?
An entity wants to use the Customized Approach. They are unsure how to complete the Controls Matrix or TRA. During the assessment, you spend time completing the Controls Matrix and the TRA, while also ensuring that the customized control is implemented securely. Which of the following statements is true?
Which of the following types of events is required to be logged?
Which of the following is true regarding compensating controls?
If disk encryption is used to protect account data, what requirement should be met for the disk encryption solution?
A sample of business facilities is reviewed during the PCI DSS assessment. What is the assessor required to validate about the sample?
Which of the following is a requirement for multi-tenant service providers?
Which statement about the Attestation of Compliance (AOC) is correct?
Where can live PANs be used for testing?
An organization has implemented a change-detection mechanism on their systems. How often must critical file comparisons be performed?