QSA_New_V4 試験問題を無料オンラインアクセス

What is the intent of classifying media that contains cardholder data?

• A.Ensuring that media is clearly and visibly labeled as "Confidential" so all personnel know that the media contains cardholder data.
• B.Ensuring that media is properly protected according to the sensitivity of the data it contains.
• C.Ensuring that all media is consistently destroyed on the same schedule, regardless of the contents.
• D.Ensuring that media containing cardholder data Is moved from secured areas an a quarterly basis.

An entity accepts e-commerce payment card transactions and stores account data in a database. The database server and the web server are both accessible from the Internet. The database server and the web server are on separate physical servers. What is required for the entity to meet PCI DSS requirements?

• A.The web server and the database server should be installed on the same physical server.
• B.The web server should be moved into the internal network.
• C.The database server should be moved to a separate segment from the web server to allow for more concurrent connections.
• D.The database server should be relocated so that it is not accessible from untrusted networks.

Which of the following file types must be monitored by a change-detection mechanism (e.g., a file-integrity monitoring tool)?

• A.Security policy and procedure documents
• B.Application vendor manuals
• C.Files that regularly change
• D.System configuration and parameter files

PCI DSS Requirement 12.7 requires screening and background checks for which of the following?

• A.Personnel with access to the cardholder data environment.
• B.All personnel employed by the organization.
• C.Visitors with access to the organization's facilities.
• D.Cashiers with access to one card number at a time.

According to the glossary, "bespoke and custom software" describes which type of software?

• A.Virtual payment terminals.
• B.Any software developed by a third party.
• C.Software developed by an entity for the entity's own use.
• D.Any software developed by a third party that can be customized by an entity.