EMT Practice Test

1. Question Content...


Question List

Question1: SELECT ALL THAT MATCHES
Examples of two-factor technologies include:

Question2: To whom is Self-Assessment Question naire (SAQ) A intended for?

Question3: Requirement 3.5 requires document and implement procedures to protect keys used to secure stored cardholder data against disclose and misuse. This requirement applies to keys used to encrypt stored cardholder data, and also applies to key-encrypting keys used to protect data-encrypting keys. Such key-encrypting keys must be

Question4: An user should be required to re-authenticate to activate the terminal or session if it's been idle for more than

Question5: According to requirement 8.1.6 an user ID should be locked out after a maximum how many repeated access attempts?

Question6: According to Requirement 10.4 the use of Time synchronization like NTP should be implemented on all critical systems for acquiring, distributing, and storing time.

Question7: All users and administrators access to, queries and actions on databases must be through programmatic methods only. Never direct access or queries to database

Question8: Merchants using P2PE solutions are still required to validate to PCI DSS

Question9: Requirement 8.2.3 states that passwords/phrases must contain both numeric and alphabetic characters and a minimum length of at least

Question10: Please select all possible disciplinary actions that may be applicable in case of violation of PCI Code of
Professional Responsibility

Question11: An audit trail history should be available immediately for analysis within a minimum of

Question12: Requirement 2.2.2 and 2.2.3 cover the use of secure services, protocols, and daemons as required for the function of a system. Which of the following is considered secure?

Question13: The presumption of P2PE is that:

Question14: PCI DSS Requirement Appendix A is intended for:

Question15: The P2PE Standard covers:

Question16: Internal and external penetration tests should be performed_______________ to meet requirement
1 1.3.1 and 11.3.2

Question17: PCIPs are required to adhere to the Code of Professional Responsibility, which includes:

Question18: PCI DSS Requirement 1 covers:

Question19: If virtualization technologies are used in a cardholder data environment:

Question20: Restrict access to cardholder data by business need-to-know

Question21: Regularly test security systems and processes is the ___________

Question22: The use of Tokenization can eliminate the need for PCI Compliance

Question23: As defined by PCI DSS Requirement 7, access to cardholder data should be restricted based on which principle?

Question24: PCI DSS Requirement 5 states that anti-virus software must be:

Question25: Use of a Qualified Integrator/Reeller (QIR):

Question26: Information Security Policies must be reviewed/updated _____________ to meet requirement 12.1.1

Question27: When masking the PAN what is the maximum number of digits allowed to be displayed

Question28: Merchants involved with only card-not-present transactions that are completely outsourced to a PCI DSS complaint service provider may be eligible to use?