EMT Practice Test

1. Question Content...


Question List

Question1: What process is requited by PCI DSS (or protecting card-reading devices at the point-of-sale?

Question2: Which statement about PAN is true?

Question3: An organization has implemented a change-detection mechanism on their systems. How often must critical file comparisons be performed?

Question4: What is the intent of classifying media that contains cardholder data?

Question5: If disk encryption is used to protect account data what requirement should be met for the disk encryption solution?

Question6: According torequirement 1,what is the purpose of "Network Security Controls?

Question7: Passwords for default accounts and default administrative accounts should be?

Question8: Which of the following describes the intent of installing one primary function per server?

Question9: What must be included m an organization's procedures for managing visitors9

Question10: Which statement is true regarding the use of intrusion detection techniques, such as intrusion detection systems and/or intrusion protection systems (IDS'IPS)?

Question11: In accordance with PCI DSS Requirement 10. how long must audit logs be retained?

Question12: Assigning a unique ID to each person is intended to ensure?

Question13: Which of the following is true regarding internal vulnerability scans?

Question14: What must the assessor verify when testing that PAN is protected whenever it is sent over the Internet?

Question15: In the ROC Repotting Template, which of the following is the best approach for a response where the requirement was in Place''?

Question16: Which of the following types of events is required to be logged?

Question17: An entity is using custom software in their CDE.The custom software was developed using processes that were assessed by a Secure Software Lifecycle assessor and found to be fully compliant with the Secure SLC standard.What impact will this have on the entity's PCI DSS assessment?

Question18: An entity wants to use the Customized Approach. They are unsure how to complete the Controls Matrix or TRA During the assessment, you spend time completing the Controls Matrix and the TRA. while also ensuing that the customized control is implemented securely Which of the following statements is true?

Question19: A sample of business facilities is reviewed during the PCI DSS assessment What is the assessor required to validate about the sample?

Question20: An internal NTP server that provides lime services to the Cardholder Data Environment is?

Question21: Security policies and operational procedures should be?

Question22: Which of the following describes "stateful responses' to communication initiated by a trusted network?

Question23: The intent of assigning a risk ranking to vulnerabilities is to?

Question24: Which statement about the Attestation of Compliance (AOC) is correct?

Question25: An organization wishes to implement multi-factor authentication for remote access, using the user's individual password and a digital certificate. Which of the following scenarios would meet PCI DSS requirements for multi-factor authentication?

Question26: Which of the following statements is true regarding track equivalent data on the chip of a payment card?

Question27: An organization wishes to implement multi-factor authentication for remote access, using the user's individual password and a digital certificate. Which of the following scenarios would meet PCI DSS requirements for multi-factor authentication?