An organization wishes to implement multi-factor authentication for remote access, using the user's individual password and a digital certificate. Which of the following scenarios would meet PCI DSS requirements for multi-factor authentication?

• A.Certificates are assigned only to administrative groups and not to regular users
• B.A different certificate is assigned to each individual user account, and certificates are not shared
• C.Certificates are logged so they can be retrieved when the employee leaves the company
• D.Change control processes are in place to ensue certificates are changed every 90 days

Comment: *

Name: *

Email: *

Verification: *

An entity accepts e-commerce payment card transactions and stores account data in a database The database server and the web server are both accessible from the Internet The database server and the web server are on separate physical servers. What is required for the entity to meet PCI DSS requirements7

• A.The web server and the database server should be installed on the same physical server
• B.The database server should be relocated so that it is not accessible from untrusted networks
• C.The web server should be moved into the internal network
• D.The database server should be moved to a separate segment from the web server to allow for more concurrent connections

Comment: *

Name: *

Email: *

Verification: *

A "Partial Assessment is a new assessment result What is a 'Partial Assessment'?

• A.A ROC that has been completed after using an SAQ to determine which requirements should be tested.
  As per FAQ 1331. (As long as the entity meets the SAQs eligibility criteria)
• B.An interim result before the final ROC has been completed
• C.A term used by payment brands and acquirers to describe entities that have multiple payment channels with each channel having its own assessment
• D.An assessment with at least one requirement marked as Not Tested*

Comment: *

Name: *

Email: *

Verification: *

According to the glossary, bespoke and custom software describes which type of software?

• A.Any software developed by a third party
• B.Any software developed by a third party that can be customized by an entity.
• C.Software developed by an entity for the entity's own use
• D.Virtual payment terminals

Comment: *

Name: *

Email: *

Verification: *

According torequirement 1,what is the purpose of "Network Security Controls?

• A.Manage anti-malware throughout the CDE.
• B.Control network traffic between two or more logical or physical network segments.
• C.Discover vulnerabilities and rank them
• D.Encrypt PAN when stored

Comment: *

Name: *

Email: *

Verification: *