An internal NTP server that provides time services to the Cardholder Data Environment is?
A sample of business facilities is reviewed during the PCI DSS assessment. What is the assessor required to validate about the sample?
According to Requirement 1, what is the purpose of "Network Security Controls"?
Which scenario meets PCI DSS requirements for critical systems to have correct and consistent time?
At which step in the payment transaction process does the merchant's bank pay the merchant for the purchase, and the cardholder's bank bill the cardholder?
Could an entity use both the Customized Approach and the Defined Approach to meet the same requirement?
What process is required by PCI DSS for protecting card-reading devices at the point-of-sale?
An organization has implemented a change-detection mechanism on their systems. How often must critical file comparisons be performed?
Which of the following file types must be monitored by a change-detection mechanism (e.g., a file-integrity monitoring tool)?
A "Partial Assessment" is a new assessment result. What is a "Partial Assessment"?
Which of the following parties is responsible for completion of the Controls Matrix for the Customized Approach?
An entity wants to use the Customized Approach. They are unsure how to complete the Controls Matrix or TRA. During the assessment, you spend time completing the Controls Matrix and the TRA, while also ensuring that the customized control is implemented securely. Which of the following statements is true?