QPA_N: Qualified PIN Assessor (QPA New)

Showing 7–9 of 10 questions

Question 7

Which of the following are required actions for logging and monitoring access to cardholder data?

Select all that apply, then click Submit answer.

  • Logging all access attempts, including failures

  • Encrypting log files

  • Reviewing logs at least daily

  • Retaining logs for a minimum of one year

  • Allowing modification of logs by administrators

Question 8

Which of the following practices are necessary for maintaining a secure software development lifecycle (SDLC)?

Select all that apply, then click Submit answer.

  • Defining security requirements at the outset

  • Performing regular security testing

  • Storing source code in a public repository

  • Conducting security training for developers

  • Documenting security defects and their resolution

Question 9

Which of the following measures are necessary for protecting cardholder data during transmission over open, public networks?

Select all that apply, then click Submit answer.

  • Using strong cryptographic protocols such as TLS

  • Encrypting data at the application layer

  • Implementing Secure Sockets Layer (SSL)

  • Regularly updating encryption algorithms

  • Transmitting PAN in plaintext emails