Question 1

Which of the following is true regarding internal vulnerability scans?

Options :

A : They must be performed after a significant change.

B : They must be performed by an Approved Scanning Vendor (ASV).

C : They must be performed by QSA personnel.

D : They must be performed at least annually.

Answer: A

Question 2

Which of the following describes "stateful responses" to communication Initiated by a trusted network?

Options :

A : Administrative access to respond to requests to change the firewall Is limited to one individual at a time.

B : Active network connections are tracked so that invalid "response" traffic can be identified.

C :

A current baseline of application configurations is maintained and any mis-configuration is responded to promptly.

D : Logs of user activity on the firewall are correlated to identify and respond to suspicious behavior.

Answer: B

Question 3

What do PCI DSS requirements for protecting cryptographic keys include?

Options :

A : Public keys must be encrypted with a key-encrypting key.

B : Data-encrypting keys must be stronger than the key-encrypting key that protects it.

C : Private or secret keys must be encrypted, stored within an SCD, or stored as key components.

D : Key-encrypting keys and data-encrypting keys must be assigned to the same key custodian.

Answer: C

Question 4

Viewing of audit log files should be limited to?

Options :

A : Individuals who performed the logged activity.

B : Individuals with read/write access.

C : Individuals with administrator privileges.

D : Individuals with a job-related need.

Answer: D