Question 1

After the 31 of the March 2025, how frequent must you review the system and application account privileges?

Options :

A : At every quarter.

B : There are no requirements for system accounts, so they should never.

C : Biannually

D : Periodically. The frequency is defined in the TRA (targeted risk analysis) of the entity-s .

Answer: D

Question 2

Which of the following can be sampled for testing during a PCI DSS assessment?

Options :

A : PCI DSS requirements and testing procedures

B : Compensating controls

C : Business facilities and system components

D : Security policies and procedures

Answer: C

Question 3

Typical locations where track data may be found include which of the following?

Options :

A : order forms and receipt used for email-order purchases

B : databases and application files from e-commerce servers

C : databases and log files from point-of-sales terminals

D : screenshots and audio recording of telephone-based purchases

Answer: C

Question 4

A "Partial Assessment" is a new assessment definition. What is defined as a "Partial Assessment"?

Options :

A : An assessment with at least one requirement that is marked as "Not Tested".

B : A terminology that is used by the payment brands and the acquirers to define entities that have multiple payment channels. Each channel has its own assessment

C : An intermidiary state before the final ROC has been completed.

D : A ROC that has been completed after using an SAQ to determine which requirements should be tested, as per FAQ 1331. (As long as the entity meets the SAQ’s eligibility criteria).

Answer: A

Question 5

When should penetration testing be performed?

Options :

A : At least quarterly, and after any change to user access or file access permission

B : At least annually, and after any change to user access permission

C : At least quarterly, and after any significant changes to the network

D : At least annually, and after any significant changes to infrastructure or applications

Answer: D