Question 1

What does ASV stand for?

Options :

A : Applied Security Vendor

B : Applicable Scanning Vendor

C : Accepted Security Vendor

D : Approved Scanning Vendor

Answer: D

Question 2

An organization has multiple business locations, each with its own payment processing setup. Some locations process card-present transactions using point-of-sale (POS) terminals, while others handle e-commerce transactions through their website. As a PCI Professional, which Self-Assessment Questionnaire (SAQ) would be most appropriate for the organization's overall PCI DSS compliance assessment?

Options :

A : SAQ B

B : SAQ A-EP

C : SAQ D

D : SAQ P2PE

Answer: C

Question 3

What is an 'inactive user account'?

Options :

A : An account that has only been used once over the course of 90 days

B : An account that is used by a current employee for a particular task

C : An account that has not been used in over 30 days

D : An account that has not been used in over 90 days

Answer: D

Question 4

All internal scanning must be what?

Options :

A : Performed monthly

B : Require an ASV for internal scanning to match external scanning

C : Performed via authenticated scanning

D : Performed via unauthenticated scanning

Answer: C

Question 5

An entity is determining what their audit logs should capture. Which one of the listed options should they include?

Options :

A : Logs that show when members of an admin group have made a phone call

B : An entity can determine how thorough their logs are as this is not specifically included in the PCI DSS version 4

C : Logs of when staff have taken their lunch break

D : Starting, stopping, or pausing of the existing logs

Answer: D