CAS-004 Free Practice Test

Based on PCI DSS v3.4, One Particular database field can store data, but the data must be unreadable. which of the following data objects meets this requirement?

1. A. PAN
2. B. CVV2
3. C. Cardholder name
4. D. expiration date

Correct Answer: A

The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

1. A. Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewal
2. B. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit claus
3. C. Regularly assess the supplier’s post-contract renewal with a dedicated risk management team.
4. D. Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all supplier
5. E. Store findings from the reviews in a database for all other business units and risk teams to reference.
6. F. Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.
7. G. Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier’sratin
8. H. Report finding units that rely on the suppliers and the various risk teams.

Correct Answer: A

A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation?

1. A. Accept
2. B. Avoid
3. C. Transfer
4. D. Mitigate

Correct Answer: D

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.
Which of the following should the engineer report as the ARO for successful breaches?

1. A. 0.5
2. B. 8
3. C. 50
4. D. 36,500

Correct Answer: A

A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.
Which of the following commands would be the BEST to run to view only active Internet connections?

1. A. sudo netstat -antu | grep “LISTEN” | awk ‘{print$5}’
2. B. sudo netstat -nlt -p | grep “ESTABLISHED”
3. C. sudo netstat -plntu | grep -v “Foreign Address”
4. D. sudo netstat -pnut -w | column -t -s $’\w’
5. E. sudo netstat -pnut | grep -P ^tcp

Correct Answer: E