QSA_New_V4 Exam Dumps : Qualified Security Assessor V4 Exam

Requirement 10.5.1.1requires thataudit logs be protected from unauthorised viewing and modification, and access should berestricted to individuals with a job-related need to view them. This principle aligns with least privilege and ensures accountability.

Option A:❌Incorrect. The person who performed the action may not need to view logs.

Option B:❌Incorrect. Read/write access istoo permissive.

Option C:❌Incorrect. Not all administrators need access to logs.

Option D:✅Correct. Access should bebased on job function.

According toRequirement 1.2.1of PCI DSS v4.0.1, network security controls (NSCs), such as firewalls and segmentation controls, are used torestrict and control trafficbetween trusted and untrusted networks. This includes logical or physical network segmentation.

Option A:Incorrect. Anti-malware is addressed in Requirement 5.

Option B:Correct. NSCs control and restrict inbound and outbound traffic between logical and physical network segments.

Option C:Incorrect. Vulnerability management is under Requirement 6.

Option D:Incorrect. PAN encryption is covered in Requirement 3.5.

According toRequirement 9.3.1and9.4.1.2, physical access control mechanisms — including badge readers — must beprotected against tampering or disablingto prevent unauthorized access and maintain the integrity of access logs.

Option A:Correct. Physical access control systems must be protected from tampering.

Option B:Incorrect. Video cameras are requiredonly where appropriate; badge access may suffice.

Option C:Incorrect. Access logs must beretained for at least three months, not deleted monthly (see 9.4.1.3).

Option D:Incorrect. Motion sensors are not specifically required.