QSA_New_V4 Exam Dumps : Qualified Security Assessor V4 Exam

Formulti-tenant service providers,isolation and segmentationare critical. As perRequirement 12.10.3, each customer’s environment must besegregated and protectedsuch that no tenant can access another’s data or systems.

Option A:✅Correct. This is the foundational control —isolation of customer environments.

Option B:❌Incorrect. Exposing system config files is a security risk.

Option C:❌Incorrect. Shared user IDs areexplicitly prohibitedby Requirement 8.2.1.

Option D:❌Incorrect. Customers should only access their own logs.

PerRequirement 10.6.1, PCI DSS mandates that time-synchronization technology be used, andsystems must be synchronized to a central time serverthat itself receives time from an approved external source. This ensures logs can be accurately correlated.

Option A:Incorrect. Time inconsistency arises if each system operates independently.

Option B:Incorrect. Time configuration must berestricted to authorised personnel only.

Option C:Correct. Time should be sourced from a centralised server which is in sync with reliable external sources.

Option D:Incorrect. Each system peering independently can cause inconsistencies.

According toRequirement 9.3.1and9.4.1.2, physical access control mechanisms — including badge readers — must beprotected against tampering or disablingto prevent unauthorized access and maintain the integrity of access logs.

Option A:Correct. Physical access control systems must be protected from tampering.

Option B:Incorrect. Video cameras are requiredonly where appropriate; badge access may suffice.

Option C:Incorrect. Access logs must beretained for at least three months, not deleted monthly (see 9.4.1.3).

Option D:Incorrect. Motion sensors are not specifically required.