Free PCI SSC QSA_New_V4 Exam Dumps Questions & Answers

Which of the following statements is true whenever a cryptographic key is retired and replaced with a new key?

• A.  All data encrypted under the retired key must be securely destroyed.
• B.  A new key custodian must be assigned.
• C.  Cryptographic key components from the retired key must be retained for 3 months before disposal.
• D.  The retired key must not be used for encryption operations.

Security policies and operational procedures should be?

• A.  Encrypted with strong cryptography.
• B.  Distributed to and understood by all affected parties.
• C.  Stored securely so that only management has access.
• D.  Reviewed and updated at least quarterly.

Which statement is true regarding the use of intrusion detection techniques, such as intrusion detection systems and/or intrusion protection systems (IDS/IPS)?

• A.  Intrusion detection techniques are required on all system components.
• B.  Intrusion detection techniques are required to identify all instances of cardholder data.
• C.  Intrusion detection techniques are required to alert personnel of suspected compromises.
• D.  Intrusion detection techniques are required to isolate systems in the cardholder data environment from all other systems.

An entity wants to use the Customized Approach. They are unsure how to complete the Controls Matrix or TRA. During the assessment, you spend time completing the Controls Matrix and the TRA, while also ensuring that the customized control is implemented securely. Which of the following statements is true?

• A.  You can assess the customized control and verify that the customized approach was correctly followed, but you must document this in the ROC.
• B.  You must document the work on the customized control in the ROC, but you can not assess the control or the documentation.
• C.  You can assess the customized control, but another assessor must verify that you completed the TRA correctly.
• D.  Assessors are not allowed to assist an entity with the completion of the Controls Matrix or the TRA.

Where can live PANs be used for testing?

• A.  Pre-production environments that are located within the CDE.
• B.  Pre-production (test) environments only if located outside the CDE.
• C.  Testing with live PANs must only be performed in the QSA Company environment.
• D.  Production (live) environments only.