Question 1

During itnernal scanning there are low risk vulnerabilities identify, what is the best course of action?

Options :

A : Should not be addressed

B : Address them based on the risk defined in the targeted risk analysis

C : Patch them within 30 days

D : Resolve them within 3 months

Answer: B

Question 2

Assigning a unique ID to each person is intended to ensure:

Options :

A : Strong passwords are used for each user account

B : Shared accounts are only used by administrators

C : Individual users are accountable for their own actions

D : Access is assigned to group accounts based on need-to-know

Answer: C

Question 3

When is required to implement an automated technical solution to protect public facing web apps?

Options :

A : From 31st of March 2025.

B : Immediately, it was required since PCI-DSS v3.2.1.

C : After a vulnerability is identified.

D : When PCI DSS v3.2.1 is retired

Answer: A

Question 4

Merchants with payment application system connected to the internet and with no electric cardholder data storage may be eligible to complete which SAQ?

Options :

A : SAQ B

B : SAQ A

C : SAQ C

D : SAQ C-VT

Answer: C

Question 5

Storing track data "long term" or "persistently" is permitted when_______.

Options :

A : It is being stored by the issuers

B : It is hashed by the merchants storing it.

C : It is encrypted by the merchant storing it.

D : It is reported to the PCI SSC annually in a ROC

Answer: A