PrepAway - Latest Free Exam Questions & Answers

What components are in the scope of PCI-DSS?

A business has implemented Payment Card Industry Data Security Standard (PCI-DSS) compliant
handheld credit card processing on their Wireless Local Area Network (WLAN) topology.
The network team partitioned the WLAN to create a private segment for credit card processing using
a firewall to control device access and route traffic to the card processor on the Internet. What
components are in the scope of PCI-DSS?

PrepAway - Latest Free Exam Questions & Answers

A.
The entire enterprise network infrastructure.

B.
The handheld devices, wireless access points and border gateway.

C.
The end devices, wireless access points, WLAN, switches, management console, and firewall.

D.
The end devices, wireless access points, WLAN, switches, management console, and Internet

5 Comments on “What components are in the scope of PCI-DSS?

  1. Zaki says:

    B. is the Answer. PCI says any component that is directly accessing or procession information about Credit Cards is under the scope. WLAN is not a physical component as such and switches are not mentioned in the question. The only 3 components as per the question are the handheld device (Direct access to Credit card data), WAP (Indirect Access as it process the data like forwarding), Gateway which is used to access internet.




    0



    0
    1. dre says:

      The firewall is mentioned in the question. It’s used to “control device access and route traffic to the card processor on the Internet” as per the question. This makes me agree with answer C.




      0



      0
  2. nobody says:

    Answer should be C.

    The first step of a PCI DSS compliance effort is to accurately determine the scope of the environment.

    The scoping process includes identifying all system components that are located within or connected to the cardholder data environment. The cardholder data environment is comprised of people, processes, and technology that handle cardholder data or sensitive authentication data. System components include network devices (both wired and wireless), servers and applications. Virtualization components, such as virtual machines, virtual switches/routers, virtual appliances, virtual applications/desktops, and hypervisors, are also considered system components within PCI DSS.




    0



    0

Leave a Reply