An internal NTP server that provides time services to the Cardholder Data Environment is?
Which statement about the Attestation of Compliance (AOC) is correct?
Passwords for default accounts and default administrative accounts should be?
A network firewall has been configured with the latest vendor security patches. What additional configuration is needed to harden the firewall?
The intent of assigning a risk ranking to vulnerabilities is to?
In the ROC Reporting Template, which of the following Is the best approach for a response where the requirement was "In Place’?
A retail merchant has a server room containing systems that store encrypted PAN data. The merchant has implemented a badge access-control system that identifies who entered and exited the room, on what date, and at what time. There are no video cameras located in the server room. Based on this information, which statement is true regarding PCI DSS physical security requirements?
Which of the following is a requirement for multi-tenant service providers?
Which statement is true regarding the PCI DSS Report on Compliance (ROC)?
Security policies and operational procedures should be?
Security policies and operational procedures should be?
If disk encryption is used to protect account data, what requirement should be met for the disk encryption solution?
Which scenario meets PCI DSS requirements for restricting access to databases containing cardholder data?
In accordance with PCI DSS Requirement 10, how long must audit logs be retained?
Which of the following can be sampled for testing during a PCI DSS assessment?
Where can live PANs be used for testing?
Viewing of audit log files should be limited to?
Where can live PANs be used for testing?
Which of the following statements is true regarding track equivalent data on the chip of a payment card?
Which of the following parties is responsible for completion of the Controls Matrix for the Customized Approach?
Which systems must have anti-malware solutions?
Which of the following is an example of multi-factor authentication?