Perimeter firewalls installed ______________________________. - ANSWER-between all wireless networks and the CHD environment.
Where should firewalls be installed? - ANSWER-At each Internet connection and between any DMZ and the internal network.
Review of firewall and router rule sets at least every __________________. - ANSWER-6 months
If disk encryption is used - ANSWER-logical access must be managed separately and independently of native operating system authentication and access control mechanisms
Manual clear-text key-management procedures specify processes for the use of the following: - ANSWER-Split knowledge AND Dual control of keys
What is considered "Sensitive Authentication Data"? - ANSWER-Card verification value
When a PAN is displayed to an employee who does NOT need to see the full PAN, the minimum digits to be masked are: All digits between the ___________ and the __________. - ANSWER-first 6; last 4
Regarding protection of PAN... - ANSWER-PAN must be rendered unreadable during the transmission over public and wireless networks.
Under requirement 3.4, what method must be used to render the PAN unreadable? - ANSWER-Hashing the entire PAN using strong cryptography
Weak security controls that should NOT be used - ANSWER-WEP, SSL, and TLS 1.0 or earlier
Per requirement 5, anti-virus technology must be deployed _________________ - ANSWER-on all system components commonly affected by malicious software.
Key functions of an anti-virus program per Requirement 5: - ANSWER-1) Detect
2) Remove
3) Protect
Anti-virus solutions may be temporarily disabled only if - ANSWER-there is legitimate technical need, as authorized by management on a case-by-case basis
When to install "critical" applicable vendor-supplied security patches? ---> within _________ of release. - ANSWER-1 month
When to install applicable vendor-supplied security patches? - ANSWER-within an appropriate time frame (for example, within three months).
When assessing requirement 6.5, testing to verify secure coding techniques are in place to address common coding vulnerabilities includes: - ANSWER-Reviewing software development policies and procedures
Requirement 7 restricts access by: - ANSWER-Need-to-know and least privilege
Inactive accounts over _____________ days need to be removed or disabled. - ANSWER-90 days
To verify the user access termination policy, an ISA needs to select a sample of users terminated in the past _______________ months, and review current user access lists (for both local and remote access) to verify that their IDs have been deactivated or removed from the access lists. - ANSWER-6 months
How many logon attempts should be allowed before the account is temporarily locked out? - ANSWER-6 attempts
Once a user account is locked out, it will remain locked for a minimum of ________________________ or until a system administrator resets the account. - ANSWER-30 minutes
System/session idle time out must be set to _________ minutes or less. - ANSWER-15 minutes
What are the methods to authenticate users? - ANSWER-- "Something you know", such as a