PCI ISA Training Test Questions 2023

Systems Providing Security Services - Systems providing security services as required by PCI DSS, or that may be contributing to how an entity meets PCI DSS requirements may include: -Authentication servers (e.g. LDAP) -Time management (e.g. NTP) servers -Patch deployment servers -Audit log storage and correlation servers -Anti-virus management servers -Routers and firewalls filtering network traffic -Systems performing cryptographic and/or key management functions -Systems controlling and/or monitoring physical access PCI DSS scope includes: - -People -Processes -Technology Scoping: People - Examples of roles that may be included in scope of assessment: -Cashiers and sales clerks -Back-office clerks -Call center operators -Systems and network administrators -IT support personnel -Application developers -Key custodians -Human resources -Information security officers -Physical security officers -Customer support -Accounting/finance personnel -Supervisors/managers for each area -Senior management and executives