Pa-dss Quiz January 2013

The given statement is true because secure coding practices involve various measures to protect the integrity and confidentiality of communications. This includes using encryption and secure protocols to ensure that data is transmitted securely. Additionally, cryptographic storage techniques are employed to safeguard sensitive information such as passwords or credit card details. Furthermore, secure coding involves implementing input validation and sanitization techniques to prevent injection attacks and buffer overflow vulnerabilities, which can be exploited by malicious actors to gain unauthorized access or execute arbitrary code. Therefore, the statement accurately describes the key aspects of secure coding.

To reduce the risk of PAN's being recovered by fraudsters, the PAN in logs is truncated, typicallyt the first 6 and last 4 digits (i.e. ******7890123****)

Sensitive authentication data must not be stored after authorization (even if encrypted).

Secure Delete consists of multiple steps: 1. Overwriting contents with random numbers 2. Rewriting with zeros 3. Unlinking from file system

Regular payment application encryption key rotation is necessary to reduce the likelihood of a fraudster guessing the key through a brute force attack. In the context of PCI, manual key changes require the involvement of 2 or more key custodians to ensure security. However, if the key change process is automated through software, the involvement of multiple key custodians is not necessary. Therefore, the statement that regular payment application encryption key rotation helps mitigate the risk of key guessing and that multiple key custodians are not required for automated key changes is true.