PCI ISA Training EXAM WITH COMPLETE SOLUTIONS
Scoping Review

Systems Providing Security Services

Systems providing security services as required by PCI DSS, or that may be contributing to how an entity meets PCI DSS requirements may include:
- Authentication servers (e.g. LDAP)
- Time management (e.g. NTP) servers
- Patch deployment servers
- Audit log storage and correlation servers
- Anti-virus management servers
- Routers and firewalls filtering network traffic
- Systems performing cryptographic and/or key management functions
- Systems controlling and/or monitoring physical access

PCI DSS scope includes:
- People
- Processes
- Technology

Scoping: People

Examples of roles that may be included in scope of assessment:
- Cashiers and sales clerks
- Back-office clerks
- Call center operators
- Systems and network administrators
- IT support personnel
- Application developers
- Key custodians
- Human resources
- Information security officers
- Physical security officers
- Customer support
- Accounting/finance personnel
- Supervisors/managers for each area
- Senior management and executives

Scoping: Processes

Examples of processes related to payment processing:
- Regular payment processing channels
- Payment cancellations and chargebacks
- Back-up and fail-over processes
- Reconciliation, periodic reporting
- Distribution and storage of paper reports and other physical media
- Legacy processes and data stores
- Onboarding processes for new personnel

Examples of supporting processes:
- Authorizations and approvals for system access
- Firewall review processes
- Change management
- Scheduling of security patch deployments
- System building and configuration
- Identifying and escorting visitors
- Performing log reviews
- Processes for reporting potential security incidents
- Security policy updates

Scoping: Technology

Examples of types of technologies:
- Servers, applications, networks, devices
- Physical security systems
- Logical security systems
- Payment terminals and point of sale systems
- Electronic communications
- Backups and disaster recovery "hot" sites
- Telecommunications: POTS vs. VoIP
- Management systems
- Remote access systems

Written for
- Institution: PCI ISA Training
- Course: PCI ISA Training

Document information
- Uploaded on: March 31, 2023
- Number of pages: 28
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions & answers