Question No 1

Which of the following is true regarding internal vulnerability scans?

Choose the Choices:

They must be performed after a significant change.

They must be performed by an Approved Scanning Vendor (ASV).

They must be performed by QSA personnel.

They must be performed at least annually.

Question No 2

An entity wants to use the Customized Approach. They are unsure how to complete the Controls Matrix or TR A. During the assessment, you spend time completing the Controls Matrix and the TRA, while also ensuring that the customized control is implemented securely. Which of the following statements is true?

Choose the Choices:

You can assess the customized control, but another assessor must verify that you completed the TRA correctly.

You can assess the customized control and verify that the customized approach was correctly followed, but you must document this in the ROC.

You must document the work on the customized control in the ROC, but you can not assess the control or the documentation.

Assessors are not allowed to assist an entity with the completion of the Controls Matrix or the TRA.

Question No 3

Security policies and operational procedures should be?

Choose the Choices:

Question No 4

Which of the following is true regarding compensating controls?

Choose the Choices:

A compensating control is not necessary if all other PCI DSS requirements are in place.

A compensating control must address the risk associated with not adhering to the PCI DSS requirement.

An existing PCI DSS requirement can be used as compensating control if it is already implemented.

A compensating control worksheet is not required if the acquirer approves the compensating control.

Question No 5

Where an entity under assessment is using the customized approach, which of the following steps is the responsibility of the assessor?

Choose the Choices:

Monitor the control.

Derive testing procedures and document them in Appendix E of the ROC.

Document and maintain evidence about each customized control as defined in Appendix E of PCI DSS.

Perform the targeted risk analysis as per PCI DSS requirement 12.3.2.

Practice PCI QSA_New_V4 Exam Questions

Question No 1

Question No 2

Question No 3

Question No 4

Question No 5

QSA_New_V4 Exam Features

QSA_New_V4 PDF Dumps