Correct Answers | Complete Certification Prep
Systems Providing Security Services: Systems providing security services as
required by PCI DSS, or that may be contributing to how an entity meets PCI
DSS requirements may include:
-Authentication servers (e.g. LDAP)
-Time management (e.g. NTP) servers
-Patch deployment servers
-Audit log storage and correlation servers
-Anti-virus management servers
-Routers and firewalls filtering network traffic
-Systems performing cryptographic and/or key management functions
-Systems controlling and/or monitoring physical access
2. PCI DSS scope includes: -People
-Processes
-Technology
3. Scoping: People: Examples of roles that may be included in scope of assessment:
-Cashiers and sales clerks
-Back-office clerks
-Call center operators
-Systems and network administrators
-IT support personnel
-Application developers
-Key custodians
-Human resources
-Information security officers
-Physical security officers
-Customer support
-Accounting/finance personnel
-Supervisors/managers for each area
-Senior management and executives
4. Scoping: Processes: Examples of processes related to payment processing:
-Regular payment processing channels
-Payment cancellations and chargebacks
-Back-up and fail-over processes
-Reconciliation, periodic reporting
-Distribution and storage of paper reports and other physical media
-Legacy processes and data stores
-Onboarding processes for new personnel
Examples of supporting processes:
-Authorizations and approvals for system access
-Firewall review processes
-Change management
-Scheduling of security patch deployments
-System building and configuration
-Identifying and escorting visitors
-Performing log reviews
-Processes for reporting potential security incidents
-Security policy updates
5. Scoping: Technology: Examples of types of technologies:
-Servers, applications, networks, devices
-Physical security systems
-Logical security systems
-Payment terminals and point of sale systems
-Electronic communications
-Backups and disaster recovery "hot" sites
-Telecommunications: POTS vs. VoIP
-Management systems
-Remote access systems
6. Sampling: Sampling is an option for assessors to facilitate the assessment
process.
- Sampling is NOT used to implement PCI DSS requirements or to select
requirements to be assessed
Principles of sampling:
- Sample must be representative of the entire population
- Consider business facilities and system components
- Samples of system components must include all combinations
- Samples must be large enough to provide assurance that controls are imple-