PCI SSC Qualified Security Assessor V4 - QSA_New_V4 Exam Practice Test

A. Every facility where cardholder data is stored is reviewed.

B. All types and locations of facilities are represented.

C. The number of facilities in the sample is at least 10 percent of the total number of facilities.

D. It includes a consistent set of facilities that are reviewed for all assessments.

A. Ensuring that media is clearly and visibly labeled as "Confidential" so all personnel know that the media contains cardholder data.

B. Ensuring that media is properly protected according to the sensitivity of the data it contains.

C. Ensuring that all media is consistently destroyed on the same schedule, regardless of the contents.

D. Ensuring that media containing cardholder data Is moved from secured areas an a quarterly basis.

A. Encrypted with strong cryptography.

B. Reviewed and updated at least quarterly.

C. Stored securely so that only management has access.

D. Distributed to and understood by all affected parties.

A. Any software developed by a third party.

B. Any software developed by a third party that can be customized by an entity.

C. Virtual payment terminals.

D. Software developed by an entity for the entity's own use.

A. User access to the database is only through programmatic methods.

B. Direct queries to the database are restricted to shared database administrator accounts.

C. Application IDs for database applications can only be used by database administrators.

D. User access to the database is restricted to system and network administrators.

A. A new key custodian must be assigned.

B. Cryptographic key components from the retired key must be retained for 3 months before disposal.

C. All data encrypted under the retired key must be securely destroyed.

D. The retired key must not be used for encryption operations.

A. Settlement

B. Chargeback

C. Clearing

D. Authorization

A. Visitor log includes visitor name, address, and contact phone number.

B. Visitors retain their identification (for example, a visitor badge) for 30 days after completion of the visit.

C. Visitors are escorted at all times within areas where cardholder data is processed or maintained.

D. Visitor badges are identical to badges used by onsite personnel.