Question 1

PCI-DSS Requirements 5 stats that antivirus software must be:

Options :

A : Installed on systems even those not commonly affected by malware

B : Updates at least annually

C : Installed on systems commonly affected by the malware

D : Configured to allow users to disable it as desired

Answer: C

Question 2

During itnernal scanning there are low risk vulnerabilities identify, what is the best course of action?

Options :

A : Should not be addressed

B : Address them based on the risk defined in the targeted risk analysis

C : Patch them within 30 days

D : Resolve them within 3 months

Answer: B

Question 3

An entity is using removable USB storage on their Windows PCs. The PCs run antimalware and are being used to process cardholder-not-present transactions. From the below, what is correct about the USB storage?

Options :

A : USB stprage os cpmsodered am exterma; device so PAN cannot be stored on that.

B : After the 31 of March 2025 the USB storage must be securely destroyed.

C : The audit logs that are held on the USB storage should be kept for 30 days maximum.

D : After the 31 of March 2025 an automatic scan must be performed when the USB storage is inserted into the PCs.

Answer: D

Question 4

A service provider with no electronic cardholder data storage may be eligible to complete with SAQ?

Options :

A : SAQ C

B : SAQ D

C : SAQ A

D : SAQ B

Answer: B

Question 5

Typical locations where track data may be found include which of the following?

Options :

A : order forms and receipt used for email-order purchases

B : databases and application files from e-commerce servers

C : databases and log files from point-of-sales terminals

D : screenshots and audio recording of telephone-based purchases

Answer: C