QSA_New_V4 Exam Dumps : Qualified Security Assessor V4 Exam

Requirement 10.5.1.1requires thataudit logs be protected from unauthorised viewing and modification, and access should berestricted to individuals with a job-related need to view them. This principle aligns with least privilege and ensures accountability.

Option A:❌Incorrect. The person who performed the action may not need to view logs.

Option B:❌Incorrect. Read/write access istoo permissive.

Option C:❌Incorrect. Not all administrators need access to logs.

Option D:✅Correct. Access should bebased on job function.

Stateful inspection (or stateful packet filtering)tracks the state of active connections and determines which packets are part of a valid session.Requirement 1.4.2references the use of network security controls (NSCs) withstateful filteringcapability to allow legitimate trafficonly in response to trusted requests.

Option A:❌Incorrect. Firewall admin procedures are not what “stateful” refers to.

Option B:✅Correct. “Stateful responses” mean tracking existing connections toblock unauthorised or spoofed responses.

Option C:❌Incorrect. That describes configuration management, not stateful filtering.

Option D:❌Incorrect. Logging is important but not part of stateful inspection.

 Requirement for Secure Transmission:

PCI DSS Requirement 4.1 mandates that cardholder data sent over open public networks must be protected with strong cryptographic protocols. Accepting only trusted keys ensures data integrity and prevents unauthorized access​​.

 Key Validation Practices:

Trusted keys and certificates are verified to ensure authenticity. Using untrusted keys compromises the security of the encrypted communication.

 Prohibited Practices:

A/D:Configuring protocols to accept all certificates or lower encryption strength violates PCI DSS encryption guidelines.

B:Proprietary protocols are not inherently compliant unless they meet strong cryptographic standards.

 Testing and Verification:

Assessors verify the implementation of trusted keys by examining encryption settings, reviewing certificate chains, and conducting tests to confirm only trusted connections are accepted​​.