QSA_New_V4 Exam Dumps : Qualified Security Assessor V4 Exam

PerRequirement 10.6.1, PCI DSS mandates that time-synchronization technology be used, andsystems must be synchronized to a central time serverthat itself receives time from an approved external source. This ensures logs can be accurately correlated.

Option A:Incorrect. Time inconsistency arises if each system operates independently.

Option B:Incorrect. Time configuration must berestricted to authorised personnel only.

Option C:Correct. Time should be sourced from a centralised server which is in sync with reliable external sources.

Option D:Incorrect. Each system peering independently can cause inconsistencies.

PCI DSSRequirement 11.5.2mandates the use of file-integrity monitoring (FIM) or change-detection tools to monitorcritical filessuch as system binaries, configuration files, and system parameters.

Option A:❌Incorrect. Manuals are not critical system files.

Option B:❌Incorrect. Regularly changing files (e.g., logs or temp files) are typically excluded.

Option C:❌Incorrect. Policies and procedures are reviewed but not subject to FIM.

Option D:✅Correct. System config and parameter files must bemonitored for unauthorised changes.

 Testing with Live PANs

PCI DSS Requirement 6.4.3 requires that live PANs (Primary Account Numbers) only be used in secure and controlled environments within the CDE.

Pre-production environments located within the CDE must adhere to all PCI DSS requirements for security and monitoring​​.

 Prohibited Uses

Testing with live PANs in environments outside the CDE violates PCI DSS. Only simulated data should be used in less secure testing environments.

 Incorrect Options

Option A: Production environments are for real transactions, not testing.

Option B: Test environments outside the CDE are insecure for live PANs.

Option D: The QSA environment is irrelevant to the organization’s CDE testing controls.