QSA Quick shot!

Question 1

What are the 3 continual processes of QSA?

Answer 1

Assess, Report, Remediate

Question 2

What requirements are needed to build and maintain a secure network?

Answer 2

1) Install and maintain a firewall configuration to protect cardholder data
2) Do Not use vendor supplied default passwords and other security parameters

Question 3

What requirements are needed to protect cardholder data?

Answer 3

3) Protect stored cardholder data

4) Encrypt transmission of cardholder data across open, public networks

Question 4

What is needed to maintain a vulnerability management program

Answer 4

5) use and regularly update anti-virus software or programs

6) develop and maintain secure systems and applications

Question 5

How do you implement strong access control measures?

Answer 5

7) Restrict access to cardholder data by business need-to-know
8) Assign unique IDs to each person with computer access
9) Restrict physical access to cardholder data

Question 6

How do you regularly monitor and test networks?

Answer 6

10) track and monitor all access to network resources and cardholder data
11) regularly test security systems and processes

Question 7

What is required to maintain an info sec policy?

Answer 7

12) Maintain a policy that addresses information security for employees and contractors.

Question 8

What is the validation tool for organizations to get a rough idea of how they are doing with card security?

Answer 8

the Self- Assessment Questionnaire. (SAQ)

Question 9

What is a PAN?

Answer 9

The Primary Account Number on the card.

Question 10

What is the CID?

Answer 10

A unique identifier to the particular card. American Express only.

Question 11

Which goal does the establishment of firewall and router configurations support?

Answer 11

Goal 1: Install and maintain a firewall and router configuration to protect cardholder data

Question 12

What Cardholder data requires PCI DSS Req 3.4?

Answer 12

the Primary Account Number (PAN)

Question 13

What is considered Sensitive Au Data?

Answer 13

full Track data (stripe), CAV2, CVC2, CVV, CID, PINs/ PIN Blocks

Question 14

What is the defining factor for cardholder data?

Answer 14

PAN or primary account number (the number on the card

Question 15

What is the scope of cardholder data environment?

Answer 15

People, processes, and technologies that store process or transmit CH data or Au Data

Question 16

What is segmenting?

Answer 16

isolating portions of the network through FWs, ACLs, Etc. Not currently required by the DSS

Question 17

What goal does requirement 10 support?

Answer 17

Regularly Monitor and Test networks

Question 18

What goal does requirement 12 support?

Answer 18

Maintain an Info Sec. Policy

Question 19

What goal does requirement 1 support?

Answer 19

Build and Maintain a Secure Network

Question 20

What goal does requirement 11 support?

Answer 20

Regularly Monitor and Test Networks

Question 21

What Goal does requirement 2 support?

Answer 21

Build and Maintain a Secure network

Question 22

What goal does requirement 10 support?

Answer 22

Regularly Monitor and Test Networks

Question 23

What goal does requirement 3 support?

Answer 23

Protect Cardholder data

Question 24

What goal does requirement 9 support

Answer 24

Implement Strong Access Control Measures

Question 25

What goal does requirement 4 support?

Answer 25

Protect Card holder data

Question 26

What goal does requirement 8 support?

Answer 26

Implement Strong Access Control Measures

Question 27

What goal does requirement 5 support

Answer 27

Maintain a vulnerability management program

Question 28

What goal does requirement 7 support?

Answer 28

Implement Strong Access Control Measures

Question 29

What goal does requirement 6 support?

Answer 29

Maintain a vulnerability management program

Question 30

What is the periodicity for the Continuous Process Timeline?

Answer 30

Annually, (with community meetings in Septeber/ October each year)

Question 31

What is the periodicity for the PCI-DSS Life cycle?

Answer 31

Every 3 years