合格させるPCIP3.0ブレーン問題集で更新されたのは認定サンプル問題 [Q38-Q56]

合格させるPCIP3.0ブレーン問題集で更新されたのは認定サンプル問題

オンラインPCIP3.0テストブレーン問題集とテストエンジン

質問 # 38
Internal and external vulnerability scans should run at minimum on every __________ to meet requirement 11.2

• A. 60 days
• B. 180 days
• C. 90 days
• D. 30 days

正解：C

質問 # 39
Merchants using P2PE solutions are still required to validate to PCI DSS

• A. True
• B. False

正解：A

質問 # 40
To whom is Self-Assessment Question naire (SAQ) A intended for?

• A. Merchants with Web-Based Virtual Payment Terminals-No Electronic Cardholder Data Storage
• B. Merchants with Only Imprint Machines or Only Standalone, Dial-out Terminals- No Electronic
  Cardholder Data Storage Merchants with Only Imprint Machines or Only Standalone, Dial-out Terminals
  No Electronic Cardholder Data Storage Merchants with Only Imprint Machines or Only Standalone,
  Dial-out Terminals- No Electronic Cardholder Data Storage Merchants with Only Imprint Machines or
  Only Standalone, Dial-out Terminals- No Electronic Cardholder Data Storage Merchants with Only
  Imprint Machines or Only Standalone, Dial-Out Terminals - No Electronic Cardholder Data Storage
• C. Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced
• D. Merchants with Payment Application Systems Connected to the Internet-No Electronic Cardholder
  Data Storage Merchants with Payment Application Systems Connected to the Internet- No Electronic
  Cardholder Data Storage Merchants with Payment Application Systems Connected to the Internet-No
  Electronic Cardholder Data Storage Merchants with Payment Application Systems Connected to the
  Internet-No Electronic Cardholder Data Storage Merchants with Payment Application Systems
  Connected to the Internet - No Electronic Cardholder Data Storage

正解：C

質問 # 41
Use of a Qualified Integrator/Reeller (QIR):

• A. is required by PCI DSS
• B. replaces the need for PCI DSS
• C. ensures PCI DSS compliance
• D. is a good step towards PCI DSS compliance

正解：D

質問 # 42
All other merchants (not included in the descriptions for SAQs A, B, or C) and all service providers defined by a payment brand as eligible to complete an SAQ may be completing what SAQ?

• A. SAQ D
• B. SAQ A
• C. SAQ B
• D. SAQ C

正解：A

質問 # 43
What are best practices for implementing PCI DSS into Business-as-Usual (BAU) Processes? (Select
ALL that apply)

• A. Don't forget about people
• B. Focus on security, not on compliance
• C. Building security into business-as-usual helps organizations to maintain their PCI DSS compliant environment in between PCI DSS assessments
• D. PCI DSS is not a once-a-year activity

正解：A、B、C、D

質問 # 44
When masking the PAN what is the maximum number of digits allowed to be displayed

• A. The first four and the last six
• B. The display of PAN digits are prohibited
• C. The first four and the last four
• D. The first six and the last four

正解：D

質問 # 45
Merchants involved with only card-not-present transactions that are completely outsourced to a PCI DSS complaint service provider may be eligible to use?

• A. SAQ C/VT
• B. SAQ A
• C. SAQ D
• D. SAQ B

正解：B

質問 # 46
Requirement 2.2.2 and 2.2.3 cover the use of secure services, protocols, and daemons as required for the function of a system. Which of the following is considered secure?

• A. Telnet
• B. SSH
• C. RLogon
• D. FTP

正解：B

質問 # 47
Imprint-Only Merchants with no electronic storage of cardholder data may be eligible to use which SAQ?

• A. SAQ C/VT
• B. SAQ A
• C. SAQ B
• D. SAQ D

正解：C

質問 # 48
Requirement 3.5 requires document and implement procedures to protect keys used to secure stored cardholder data against disclose and misuse. This requirement applies to keys used to encrypt stored cardholder data, and also applies to key-encrypting keys used to protect data-encrypting keys. Such key-encrypting keys must be

• A. less stronger as the data-encrypting keys
• B. stored at the same location of the data-encrypting key
• C. at least as strong as the data-encrypting keys
• D. stronger than the data-encrypting keys

正解：C

質問 # 49
The P2PE Standard covers:

• A. Secure payment applications for processing transactions
• B. Encryption, decryption, and key management requirements for point-to-point encryption solutions
• C. Mechanisms used to protect the PIN and encrypted PIN blocks
• D. Physical security requirements for manufacturing payment cards

正解：B

質問 # 50
PCI Requirement 12.6 requires personnel to acknowledge at least _______ that they have read and understood the security policy and procedures.

• A. Once during their employment
• B. Every six months
• C. Annually
• D. Quarterly

正解：C

質問 # 51
Develop and maintain secure systems and applications is the _________

• A. Requirement 5
• B. Requirement 7
• C. Requirement 6
• D. Requirement 8

正解：C

質問 # 52
Which of the following entities will ultimately approve a purchase?

• A. Payment Transaction Gateway
• B. Merchant
• C. Acquiring Bank
• D. Issuing Bank

正解：D

質問 # 53
PCI DSS Requirement 3.4 states that PAN must be rendered unreadable when stored. Which of the following may be used to meet this requirement?

• A. masking the entire PAN using industry standards
• B. Encryption of the first six and last four numbers of the PAN
• C. Hiding the column containing PAN data in the database
• D. Hashing the entire PAN using strong cryptography

正解：D

質問 # 54
Quarterly internal vulnerability scans should be executed and rescans as needed until what point?

• A. High-risk vulnerabilities (as defined in Requirement 6.1) are resolved
• B. All identified vulnerabilities are resolved
• C. High and medium risks vulnerabilities are resolved
• D. Until you get a PCI Scan passing score

正解：A

質問 # 55
Merchants with segmented payment application systems connected to the Internet, no electronic cardholder data storage, may be eligible to use what SAQ?

• A. SAQ C-VT
• B. SAQ A
• C. SAQ C
• D. SAQ D
• E. SAQ B

正解：C

質問 # 56
......

リアルPCI PCIP3.0試験問題集には正解90問題と解答があります：https://www.passtest.jp/PCI/PCIP3.0-shiken.html

PCI PCIP3.0認定のリアル2023年最新の模擬試験：https://drive.google.com/open?id=1NCYzguewdNPqMcTPgn-w9pxenYzFpyds