Question 1

Requirement 1.2.2 discusses changes must be approved and managed in accordance with what requirement regarding change management?

Options :

A : 11.5.1

B : 6.5.1

C : 4.2.3

D : 12.2.1

Answer: B

Question 2

An entity is looking at ways to securely destroy their electronic media that contains CHD. Which of the following would be suitable?

Options :

A : Shredding

B : Grinding

C : Degaussing

D : Deleting

Answer: A,B,C

Question 3

Which appendix is designed for Sample Templates to Support Customized Approach

Options :

A : Appendix F

B : Appendix E

C : Appendix C

D : Appendix B

Answer: B

Question 4

You have just had an external scan performed and have been told you have 2 vulnerabilities that have been scored as medium. What should be done next?

Options :

A : The vulnerabilities should be remediated and another external scan should be completed

B : Nothing has to be remediated since the vulnerability is not high or critical

C : PCI DSS version 4 only requires internal scans for compliance. External scans are an optional area to improve security posture

D : The vulnerability should be marked as a false positive and the scan result should be added to documentation

Answer: A

Question 5

An entity is using TLS 1.1 with a card-present POI device in store. What appendix is likely to be required in addition?

Options :

A : Appendix A3

B : Appendix A1

C : Appendix A2

D : Appendix B

Answer: C