1) Securing system components that store cardholder data in an internal network zone that is segregated from the DMZ and other untrusted networks by a firewall can prevent unauthorized network traffic from reaching the system component. a) 1.3.3 b) 1.3.2 c) 1.3.1 d) 1.3.5 e) 1.3.6 f) 1.3.4 2) All traffic outbound from the cardholder data environment should be evaluated to ensure that it follows established, authorized rules. a) 1.3.3 b) 1.3.7 c) 1.3.1 d) 1.3.5 e) 1.3.6 f) 1.3.4 3) If direct access is allowed between public systems and the CDE, the protections offered by the firewall are bypassed, and system components storing cardholder data may be exposed to compromise. a) 1.3 b) 1.1 c) 1.2 d) 1.4 e) 1.5 4) A firewall that maintains the "state" (or the status) for each connection through the firewall knows whether an apparent response to a previous connection is actually a valid, authorized response (since it retains each connection’s status) or is malicious trafficp9 a) 1.3.3 b) 1.3.2 c) 1.3.7 d) 1.3.5 e) 1.3.6 f) 1.3.4 5) Restricting the disclosure of internal or private IP addresses is essential to prevent a hacker “learning” the IP addresses of the internal network, and using that information to access the network. a) 1.3.3 b) 1.3.2 c) 1.3.7 d) 1.3.5 e) 1.3.6 f) 1.3.4 6) This functionality is intended to prevent malicious individuals from accessing the organization's internal network from the Internet, or from using services, protocols, or ports in an unauthorized manner. a) 1.2.1 b) 1.3.2 c) 1.3.1 d) 1.3.4 e) 1.3.6 f) 1.1.7 7) Filtering packets coming into the network helps to, among other things, ensure packets are not “spoofed” to look like they are coming from an organization’s own internal network. a) 1.3.3 b) 1.3.2 c) 1.3.1 d) 1.3.5 e) 1.3.6 f) 1.3.4

PCI DSS Requirment 1.3 Guidance

列印
嵌入

排行榜

視覺風格

選項

切換範本

恢復自動保存: ?