PCI DSS Ambiguities and How to Overcome Them

Posted by in Analysis on Feb 10, 2010

In a video over at the SearchSecurity site, Ed talks about the “questions that pose the greatest challenge to enterprises as they struggle to interpret the requirements; outlines recent and upcoming clarifications from the PCI Security Standards Council; and discusses strategies used in the field to reduce the complexity.”

Does “one function per server” mean that we can’t use virtualization?
Must our penetration testing and/or quarterly scanning cover everything or just the cardholder environment?
If we miss one of our quarterly scans, does that mean we need to wait a full year to be compliant?
The requirements state individuals with a “legitimate business need” can view PANs. What does that mean?
