EMT Practice Test

1. Question Content...


Question List

Question1: According to the glossary, bespoke and custom software describes which type of software?

Question2: What does the PCI PTS standard cover?

Question3: Viewing of audit log files should be limited to?

Question4: According torequirement 1,what is the purpose of "Network Security Controls?

Question5: An organization has implemented a change-detection mechanism on their systems. How often must critical file comparisons be performed?

Question6: What is the intent of classifying media that contains cardholder data?

Question7: Which of the following can be sampled for testing during a PCI DSS assessment?

Question8: An entity wants to know if the Software Security Framework can be leveraged during their assessment Which of the following software types would this apply to?

Question9: The intent of assigning a risk ranking to vulnerabilities is to?

Question10: Which of the following is required to be included in an incident response plan?

Question11: If disk encryption is used to protect account data what requirement should be met for the disk encryption solution?

Question12: Assigning a unique ID to each person is intended to ensure?

Question13: What process is requited by PCI DSS for protecting card-reading devices at the point-of-sale?

Question14: An entity wants to use the Customized Approach. They are unsure how to complete the Controls Matrix or TRA. During the assessment, you spend time completing the Controls Matrix and the TRA. while also ensuing that the customized control is implemented securely. Which of the following statements is true?

Question15: Which of the following statements is true whenever a cryptographic key is retired and replaced with a new key?

Question16: Which of the following describes "stateful responses' to communication initiated by a trusted network?

Question17: Where an entity under assessment is using the customized approach, which of the following steps is the responsibility of the assessor?

Question18: An internal NTP server that provides time services to the Cardholder Data Environment is?

Question19: Which of the following types of events is required to be logged?

Question20: A sample of business facilities is reviewed during the PCI DSS assessment What is the assessor required to validate about the sample?

Question21: What must the assessor verify when testing that PAN is protected whenever it is sent over the Internet?

Question22: Which systems must have anti-malware solutions'

Question23: Which statement about the Attestation of Compliance (AOC) is correct?

Question24: If an entity shares cardholder data with a TPSP, what activity is the entity required to perform'?

Question25: If an entity shares cardholder data with a TPSP, what activity is the entity required to perform'?

Question26: Which scenario meets PCI DSS requirements for restricting access to databases containing cardholder data?

Question27: What should the assessor verify when testing that cardholder data is protected whenever it is sent over open public networks?

Question28: Which of the following describes the intent of installing one primary function per server?