What should the assessor verify when testing that cardholder data is protected whenever it is sent over open, public networks?
Which statement about the Attestation of Compliance (AOC) is correct?
An entity wants to know if the Software Security Framework can be leveraged during their assessment. Which of the following software types would this apply to?
At which step in the payment transaction process does the merchant's bank pay the merchant for the purchase, and the cardholder's bank bill the cardholder?
What does the PCI PTS standard cover?
Which statement is true regarding the use of intrusion-detection techniques, such as intrusion detection systems and/or intrusion prevention systems (IDS/IPS)?
Assigning a unique ID to each person is intended to ensure?
Which statement about PAN is true?
Viewing of audit log files should be limited to?
An organization has implemented a change-detection mechanism on their systems. How often must critical file comparisons be performed?
Which of the following is a requirement for multi-tenant service providers?
According to Requirement 1, what is the purpose of "Network Security Controls"?
Where can live PANs be used for testing?
Which of the following parties is responsible for completion of the Controls Matrix for the Customized Approach?
Which of the following describes “stateful responses” to communication initiated by a trusted network?
Which of the following file types must be monitored by a change-detection mechanism (e.g., a file-integrity monitoring tool)?
A retail merchant has a server room containing systems that store encrypted PAN data. The merchant has implemented a badge access-control system that identifies who entered and exited the room, on what date, and at what time. There are no video cameras located in the server room. Based on this information, which statement is true regarding PCI DSS physical security requirements?
Which scenario meets PCI DSS requirements for restricting access to databases containing cardholder data?
Which of the following meets the definition of "quarterly" as indicated in the description of timeframes used in PCI DSS requirements?
Which scenario meets PCI DSS requirements for critical systems to have correct and consistent time?
Where an entity under assessment is using the customized approach, which of the following steps is the responsibility of the assessor?