QSA_New_V4 Exam Dumps : Qualified Security Assessor V4 Exam

Thesettlement phaseis when:

Themerchant’s acquiring bank pays the merchant, and

Theissuing bank bills the cardholder.

This occursafter authorization and clearinghave already taken place.

Option A:❌Incorrect. Authorization verifies the card and funds but doesn’t trigger payment.

Option B:❌Incorrect. Clearing exchanges transaction details between banks but doesn’t finalise funds.

Option C:✅Correct. Settlement is whenfunds are actually transferred.

Option D:❌Incorrect. Chargebacks reverse transactions, not settle them.

There areseparate Attestation of Compliance (AOC) templatesfor different use cases, specifically formerchantsandservice providers, and forSAQsversusROCs. Each template is tailored to match the reporting needs of that assessment type.

Option A:✅Correct. PCI SSC publishes distinct AOC templates depending on whether the entity is a merchant or service provider, and depending on whether they are completing an SAQ or ROC.

Option B:❌Incorrect. The AOC is not signed by PCI SSC. It must be signed by the assessed entity and, where applicable, the QSA or ISA.

Option C:❌Incorrect. ROCs and SAQs use different AOC formats.

Option D:❌Incorrect. Both the entity and the assessor (if applicable)mustsign.

Formulti-tenant service providers,isolation and segmentationare critical. As perRequirement 12.10.3, each customer’s environment must besegregated and protectedsuch that no tenant can access another’s data or systems.

Option A:✅Correct. This is the foundational control —isolation of customer environments.

Option B:❌Incorrect. Exposing system config files is a security risk.

Option C:❌Incorrect. Shared user IDs areexplicitly prohibitedby Requirement 8.2.1.

Option D:❌Incorrect. Customers should only access their own logs.