Question 1

When is required to implement an automated technical solution to protect public facing web apps?

Options :

A : From 31st of March 2025.

B : Immediately, it was required since PCI-DSS v3.2.1.

C : After a vulnerability is identified.

D : When PCI DSS v3.2.1 is retired

Answer: A

Question 2

Level 1 and 2 merchants must include_______ as the part of their PCI-DSS compliance validation reporting process?

Options :

A : Sensitive authentication data (SAD)

B : A copy of their risk assessment

C : A report from their QSA

D : ASV scan results

Answer: D

Question 3

What is true regarding the use of compensating controls?

Options :

A : Compensating controls do not need to be documented

B : Controls must be in place to ensure compensating controls remain effective after they've been assessed

C : Compensating controls increase the risk to the organizations

D : Compensating controls cannot be changed once they've been implemented

Answer: B

Question 4

A service provider with no electronic cardholder data storage may be eligible to complete with SAQ?

Options :

A : SAQ C

B : SAQ D

C : SAQ A

D : SAQ B

Answer: B

Question 5

Typical locations where track data may be found include which of the following?

Options :

A : order forms and receipt used for email-order purchases

B : databases and application files from e-commerce servers

C : databases and log files from point-of-sales terminals

D : screenshots and audio recording of telephone-based purchases

Answer: C

Smartly Prepare Exam with Free Online QSA_New Practice Test