PCI SSC Assessor_New_V4 問題集

質問 1：
Which scenario describes segmentation of the cardholder data environment (CDE) for the purposes of reducing PCI DSS scope?
A. Virtual LANs that route network traffic between the CDE and out-of-scope networks
B. Firewalls that log all network traffic flows between the CDE and out of-scope networks
C. A network configuration that prevents all network traffic between the CDE and out-of-scope networks
D. Routers that monitor network traffic flows between the CDE and out-of-scope networks
正解：A
解説: (Topexam メンバーにのみ表示されます)

質問 2：
An organization wishes to implement multi-factor authentication for remote access, using the user's individual password and a digital certificate. Which of the following scenarios would meet PCI DSS requirements for multi-factor authentication?
A. A different certificate is assigned to each individual user account, and certificates are not shared
B. Certificates are logged so they can be retrieved when the employee leaves the company
C. Certificates are assigned only to administrative groups and not to regular users
D. Change control processes are in place to ensue certificates are changed every 90 days
正解：A
解説: (Topexam メンバーにのみ表示されます)

質問 3：
An entity accepts e-commerce payment card transactions and stores account data in a database The database server and the web server are both accessible from the Internet The database server and the web server are on separate physical servers. What is required for the entity to meet PCI DSS requirements7
A. The web server and the database server should be installed on the same physical server
B. The web server should be moved into the internal network
C. The database server should be relocated so that it is not accessible from untrusted networks
D. The database server should be moved to a separate segment from the web server to allow for more concurrent connections
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 4：
According to requirement 1, what is the purpose of "Network Security Controls?
A. Encrypt PAN when stored
B. Discover vulnerabilities and rank them
C. Manage anti-malware throughout the CDE.
D. Control network traffic between two or more logical or physical network segments.
正解：D
解説: (Topexam メンバーにのみ表示されます)

質問 5：
An entity wants to know if the Software Security Framework can be leveraged during their assessment Which of the following software types would this apply to?
A. Software developed by the entity in accordance with the Secure SLC Standard
B. Only software which runs on PCI PTS devices
C. Any payment software in the CDE
D. Validated Payment Applications that are listed by PCI SSC and have undergone a PA-DSS assessment
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 6：
Which of the following file types must be monitored by a change-detection mechanism (for example, a file-integrity monitoring tool)?
A. Security policy and procedure documents
B. Application vendor manuals
C. System configuration and parameter files
D. Files that regularly change
正解：C
解説: (Topexam メンバーにのみ表示されます)