[May-2022] Latest PCI PCIP3.0 exam dumps and online Test Engine [Q48-Q65]

Rate this post

[May-2022] Latest PCI PCIP3.0 exam dumps and online Test Engine

PCI PCIP3.0: Selling PCI Certification Products and Solutions

NEW QUESTION 48
The implementation of a Security Awareness Program (Requirement 12.6) requires that personnel must be educated upon hire and at least

Yearly

Quarterly

Every 6 months

Monthly

NEW QUESTION 49
Passwords/Passphrases should not be allowed if the same of the last ____ used passwords/passphrases.
(Requirement 8.2.5)

NEW QUESTION 50
Requirement 3.5 requires document and implement procedures to protect keys used to secure stored cardholder data against disclose and misuse. This requirement applies to keys used to encrypt stored cardholder data, and also applies to key-encrypting keys used to protect data-encrypting keys. Such key-encrypting keys must be

at least as strong as the data-encrypting keys

less stronger as the data-encrypting keys

stored at the same location of the data-encrypting key

stronger than the data-encrypting keys

NEW QUESTION 51
The P2PE Standard covers:

Encryption, decryption, and key management requirements for point-to-point encryption solutions

Secure payment applications for processing transactions

Mechanisms used to protect the PIN and encrypted PIN blocks

Physical security requirements for manufacturing payment cards

NEW QUESTION 52
Which statement is true regarding sensitive authentication data?

Sensitive data is required for recurring transactions

Sensitive authentication data includes PAN and service code

Sensitive authentication exists in the magnetic strip or chip, and is also printed on the payment card

Encrypt sensitive authentication data removes it from PC DSS scope

NEW QUESTION 53
According to Requirement 10.4 the use of Time synchronization like NTP should be implemented on all critical systems for acquiring, distributing, and storing time.

False

True

NEW QUESTION 54
What is the Appendix B on PCI DSS 3.0?

Compensating Controls

Additional PCI DSS Requirements for Shared Hosting Providers

Compensating Controls Worksheet

Segmentation and Sampling of Business Facilities/System Components

NEW QUESTION 55
Requirement 8.2.3 states that passwords/phrases must contain both numeric and alphabetic characters and a minimum length of at least

7 characters

6 characters

8 characters

14 characters

NEW QUESTION 56
The use of Tokenization can eliminate the need for PCI Compliance

True

False

NEW QUESTION 57
Do not use vendor-supplied defaults for system passwords and other security parameters is the
___________

Requirement 4

Requirement 3

Requirement 1

Requirement 2

NEW QUESTION 58
PCI compliance do not apply on Virtualized environments

True

False

NEW QUESTION 59
An user should be required to re-authenticate to activate the terminal or session if it’s been idle for more than

30 minutes

10 minutes

15 minutes

60 minutes

NEW QUESTION 60
In order to be considered a compensating control, which of the following must exist:

A legitimate technical constraint and a documented business constraint

A documented business constraint

A legitimate technical constraint or a documented business constraint

A legitimate technical constraint

NEW QUESTION 61
Maintain a policy that addresses information security for all personnel is the ________

Requirement 11

Requirement 12

Requirement 10

Requirement 9

NEW QUESTION 62
All users and administrators access to, queries and actions on databases must be through programmatic methods only. Never direct access or queries to database

False

True

NEW QUESTION 63
In the event of a violation of the PCIP Qualification Requirements, disciplinary actions for PCIPs could include:

Verbal warning, one-off fine, revocation

Written warning, remediation, monthly fines

Verbal warning, suspension, monthly fines

Written warning, suspension, revocation

NEW QUESTION 64
Restrict access to cardholder data by business need-to-know

Requirement 7

Requirement 9

Requirement 10

Requirement 8