CSC CSC - Cybersecurity Compliance PCI DSS Payment Card Security Questions and Answers 2

Question 1

PCI DSS Requirement 1 focuses on which security control category?

Accepted Answer

Installing and maintaining network security controls

Answer

Requirement 1 requires organizations to install and maintain firewalls and other network security controls to protect the CDE.

Question 2

Under PCI DSS, what is the maximum number of digits that may be displayed when masking a primary account number (PAN)?

Accepted Answer

The first six and last four digits

Answer

PCI DSS allows displaying the first six and last four digits of a PAN; all other digits must be masked.

Question 3

Which cryptographic approach does PCI DSS recommend for protecting PANs stored in databases?

Accepted Answer

Strong one-way hash functions or strong encryption

Answer

PCI DSS requires strong cryptography such as AES-256 or NIST-approved one-way hashes to render stored PAN data unreadable.

Question 4

What does PCI DSS Requirement 6 specifically require organizations to do?

Accepted Answer

Develop and maintain secure systems and software

Answer

Requirement 6 mandates a secure software development lifecycle, including vulnerability management and patch deployment for all systems in scope.

Question 5

How often must PCI DSS-compliant organizations perform internal vulnerability scans of their CDE?

Accepted Answer

At least quarterly

Answer

PCI DSS requires internal vulnerability scans to be performed at least quarterly and after any significant changes to the environment.

(CSC) Cybersecurity Compliance Certification Practice Test