최신PCI SSC Qualified Security Assessor V4 - QSA_New_V4무료샘플문제

A. Only in scope if it stores, processes or transmits cardholder data.

B. Not in scope for PCI DSS.

C. In scope for PCI DSS.

D. Only in scope if it provides time services to database servers.

A. Visitor log includes visitor name, address, and contact phone number.

B. Visitors are escorted at all times within areas where cardholder data is processed or maintained.

C. Visitors retain their identification (for example, a visitor badge) for 30 days after completion of the visit.

D. Visitor badges are identical to badges used by onsite personnel.

A. There are different AOC templates for service providers and merchants.

B. The AOC must be signed by both the merchant/service provider and by PCI SSC.

C. The same AOC template is used W ROCs and SAQs.

D. The AOC must be signed by either the merchant/service provider or the QSA/ISA.

A. Reset to the default password before installing a system on the network.

B. Configured to expire in 30 days.

C. Changed before installing a system on the network.

D. Changed within 30 days after installing a system on the network.

A. Clearing

B. Settlement

C. Chargeback

D. Authorization

A. Monitor the control.

B. Document and maintain evidence about each customized control as defined in Appendix E of PCI DSS.

C. Derive testing procedures and document them in Appendix E of the ROC.

D. Perform the targeted risk analysis as per PCI DSS requirement 12.3.2.

A. The security protocol accepts only trusted keys.

B. The security protocol accepts connections from systems with lower encryption strength than required by the protocol.

C. The security protocol Is configured to accept all digital certificates.

D. A proprietary security protocol is used.

A. A ROC that has been completed after using an SAQ to determine which requirements should be tested, as per FAQ 1331.

B. An interim result before the final ROC has been completed.

C. An assessment with at least one requirement marked as "Not Tested".

D. A term used by payment brands and acquirers to describe entities that have multiple payment channels, with each channel having its own assessment.