Question 1

Which of the following is NOT typically considered a critical component of a comprehensive incident response plan for PCI DSS compliance?

Options :

A : Providing public notifications for all security incidents involving payment card data

B : Documenting procedures for incident reporting, investigation, and remediation

C : Establishing clear roles and responsibilities for incident response team members

D : Implementing measures for timely detection and containment of security incidents

Answer: A

Question 2

What does ASV stand for?

Options :

A : Applied Security Vendor

B : Applicable Scanning Vendor

C : Accepted Security Vendor

D : Approved Scanning Vendor

Answer: D

Question 3

An entity is using TLS 1.1 with a card-present POI device in store. What appendix is likely to be required in addition?

Options :

A : Appendix A3

B : Appendix A1

C : Appendix A2

D : Appendix B

Answer: C

Question 4

Who is the most recent payment brand?

Options :

A : Visa

B : Union Pay

C : Mastercard

D : JCB International

Answer: B

Question 5

An entity is determining what their audit logs should capture. Which one of the listed options should they include?

Options :

A : Logs that show when members of an admin group have made a phone call

B : An entity can determine how thorough their logs are as this is not specifically included in the PCI DSS version 4

C : Logs of when staff have taken their lunch break

D : Starting, stopping, or pausing of the existing logs

Answer: D