QSA_New_V4 Exam Dumps : Qualified Security Assessor V4 Exam

Requirement 11.5.1mandates that organisations deployintrusion-detection or prevention toolstomonitor traffic and generate alertsfor suspicious activity. The goal is tonotify personnel quicklyof a possible breach.

Option A:❌Incorrect. IDS/IPS isnot requiredon every component — only where it adds value.

Option B:✅Correct. IDS/IPS must be configured toalert on potential compromises.

Option C:❌Incorrect. Segmentation is a separate concern under Requirement 1.

Option D:❌Incorrect. IDS is not for discovering cardholder data.

Thesettlement phaseis when:

Themerchant’s acquiring bank pays the merchant, and

Theissuing bank bills the cardholder.

This occursafter authorization and clearinghave already taken place.

Option A:❌Incorrect. Authorization verifies the card and funds but doesn’t trigger payment.

Option B:❌Incorrect. Clearing exchanges transaction details between banks but doesn’t finalise funds.

Option C:✅Correct. Settlement is whenfunds are actually transferred.

Option D:❌Incorrect. Chargebacks reverse transactions, not settle them.

Requirement 10.5.1.1requires thataudit logs be protected from unauthorised viewing and modification, and access should berestricted to individuals with a job-related need to view them. This principle aligns with least privilege and ensures accountability.

Option A:❌Incorrect. The person who performed the action may not need to view logs.

Option B:❌Incorrect. Read/write access istoo permissive.

Option C:❌Incorrect. Not all administrators need access to logs.

Option D:✅Correct. Access should bebased on job function.