PCI Exam QSA_New_V4 Topic 5 Question 1 Discussion

Actual exam question for PCI's QSA_New_V4 exam

Question #: 1
Topic #: 5

[All QSA_New_V4 Questions]

An LDAP server providing authentication services to the cardholder data environment is_____________?

Ain scope for PCI DSS.

Bnot In scope for PCI DSS.

Cin scope only if it stores, processes or transmits cardholder data.

Din scope only if it provides authentication services to systems in the DMZ.

Show Suggested Answer

Suggested Answer: A

Scope of PCI DSS:

PCI DSS applies to all systems that store, process, or transmit cardholder data (CHD), as well as systems that can impact the security of the CDE. An LDAP server providing authentication services is considered a connected system that could impact the security of CHD and is therefore in scope.

Clarifications on Scope:

Systems like LDAP servers that do not directly handle CHD but provide critical services to the CDE (e.g., authentication) are in scope for PCI DSS.

Invalid Options:

B/C/D: Scoping is not limited to direct storage, processing, or transmission of CHD but includes systems that could affect the CDE's security.

by Galen at Feb 09, 2025, 10:33 PM

Limited Time Offer

25%

Off

Get Premium QSA_New_V4 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

1 months ago

I think the correct answer is C. The LDAP server is only in scope if it's directly involved with cardholder data, otherwise it's not relevant to PCI DSS.

upvoted 0 times