QUESTION:78Existing PCI DSS requirements may be combined with new controls to become a compensatingcontrol.B
QUESTION:79The use of two-factor authentication is NOT a requirement on PCI DSS v3 for remote networkaccess originating from outside the network by personnel and all third parties.A
QUESTION:80For initial PCI DSS compliance, it’s not required that four quarters of passing scans must becompleted if the assessor verifies that 1) the most recent scan result was a passing scan, 2) theentity has documented policies and procedures requiring quarterly scanning, and 3)vulnerabilities noted in the scan results have been corrected as shown in a re-scan(s).
