What would be an appropriate strength for the key-encrypting key (KEK) used to protect an AES 128-bit data-encrypting key (DEK)?
An entity accepts e-commerce payment card transactions and stores account data in a database. The database server and the web server are both accessible from the Internet. The database server and the web server are on separate physical servers. What is required for the entity to meet PCI DSS requirements?
Which of the following is required to be included in an incident response plan?
If an entity shares cardholder data with a TPSP, what activity is the entity required to perform?
Which of the following file types must be monitored by a change-detection mechanism (e.g., a file-integrity monitoring tool)?
Which of the following meets the definition of "quarterly" as indicated in the description of timeframes used in PCI DSS requirements?
What must be included in an organization's procedures for managing visitors?
An entity wants to use the Customized Approach. They are unsure how to complete the Controls Matrix or TRA. During the assessment, you spend time completing the Controls Matrix and the TRA, while also ensuring that the customized control is implemented securely. Which of the following statements is true?
Which of the following parties is responsible for completion of the Controls Matrix for the Customized Approach?
A network firewall has been configured with the latest vendor security patches. What additional configuration is needed to harden the firewall?
Which of the following file types must be monitored by a change-detection mechanism (for example, a file-integrity monitoring tool)?
Which of the following describes the intent of installing one primary function per server?
What process is required by PCI DSS for protecting card-reading devices at the point-of-sale?