U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

PCI QSA_New_V4 Exam - Topic 5 Question 1 Discussion

An LDAP server providing authentication services to the cardholder data environment is_____________?
A) in scope for PCI DSS.
B) not In scope for PCI DSS.
C) in scope only if it stores, processes or transmits cardholder data.
D) in scope only if it provides authentication services to systems in the DMZ.

PCI QSA_New_V4 Exam - Topic 5 Question 1 Discussion

Actual exam question for PCI's QSA_New_V4 exam
Question #: 1
Topic #: 5
[All QSA_New_V4 Questions]

An LDAP server providing authentication services to the cardholder data environment is_____________?

Show Suggested Answer Hide Answer
Suggested Answer: A

Scope of PCI DSS:

PCI DSS applies to all systems that store, process, or transmit cardholder data (CHD), as well as systems that can impact the security of the CDE. An LDAP server providing authentication services is considered a connected system that could impact the security of CHD and is therefore in scope.

Clarifications on Scope:

Systems like LDAP servers that do not directly handle CHD but provide critical services to the CDE (e.g., authentication) are in scope for PCI DSS.

Invalid Options:

B/C/D: Scoping is not limited to direct storage, processing, or transmission of CHD but includes systems that could affect the CDE's security.


by Galen at Feb 09, 2025, 10:33 PM

Limited Time Offer

25%

Off

Get Premium QSA_New_V4 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Arminda
7 months ago
No doubt, A is the way to go!
upvoted 0 times
...
Staci
7 months ago
Only if it handles card data, right?
upvoted 0 times
...
Cheryll
7 months ago
Wait, are we sure about that?
upvoted 0 times
...
Karina
7 months ago
I agree, A is the right choice!
upvoted 0 times
...
William
7 months ago
It's definitely in scope for PCI DSS.
upvoted 0 times
...
Callie
8 months ago
I thought all authentication services were in scope, but maybe there's an exception for those not handling cardholder data?
upvoted 0 times
...
Mammie
8 months ago
I feel like it might be in scope only if it handles cardholder data directly, but that seems a bit vague.
upvoted 0 times
...
Cruz
8 months ago
I remember a practice question about systems in the DMZ, but I can't recall if that applies here.
upvoted 0 times
...
Kanisha
8 months ago
I think the LDAP server is in scope for PCI DSS since it provides authentication, but I'm not entirely sure.
upvoted 0 times
...
Karol
8 months ago
This is a tricky one. I'll need to review the PCI DSS requirements and think about how they apply to authentication services. Gotta make sure I understand the scope correctly.
upvoted 0 times
...
Helaine
8 months ago
I'm pretty confident that the correct answer is C. The LDAP server would only be in scope if it stores, processes, or transmits cardholder data. I'll double-check the details, but I think that's the right approach.
upvoted 0 times
...
Maile
8 months ago
Okay, let's see. If the LDAP server is providing authentication services to the cardholder data environment, then it would be in scope. But if it's not, then it might not be. I'll have to carefully consider the options.
upvoted 0 times
...
Jess
8 months ago
Hmm, I'm a bit unsure about this one. I'll need to think through the different scenarios and how they relate to PCI DSS scope.
upvoted 0 times
...
Ricarda
8 months ago
I think the key here is to focus on whether the LDAP server is providing authentication services to the cardholder data environment. If it is, then it would be in scope for PCI DSS.
upvoted 0 times
...
Asha
1 year ago
C is the clear winner here. If the LDAP server isn't handling cardholder data, why would it be in scope for PCI compliance? Seems like a no-brainer to me.
upvoted 0 times
Tonja
1 year ago
D) in scope only if it provides authentication services to systems in the DMZ.
upvoted 0 times
...
Detra
1 year ago
C) in scope only if it stores, processes or transmits cardholder data.
upvoted 0 times
...
Osvaldo
1 year ago
B) not In scope for PCI DSS.
upvoted 0 times
...
Layla
1 year ago
C is the clear winner here. If the LDAP server isn't handling cardholder data, why would it be in scope for PCI compliance? Seems like a no-brainer to me.
upvoted 0 times
...
Desiree
1 year ago
A) in scope for PCI DSS.
upvoted 0 times
...
Melissa
1 year ago
A) in scope for PCI DSS.
upvoted 0 times
...
...
Christoper
1 year ago
But what if it only provides authentication services to systems in the DMZ? Would it still be in scope?
upvoted 0 times
...
Aaron
1 year ago
Haha, good thing I don't have to worry about PCI DSS in my job as a professional cat herder. But for those of you who do, C seems like the way to go.
upvoted 0 times
Kayleigh
1 year ago
C) in scope only if it stores, processes or transmits cardholder data.
upvoted 0 times
...
Deangelo
1 year ago
A) in scope for PCI DSS.
upvoted 0 times
...
...
Geraldo
1 year ago
I think it makes sense for it to be in scope, as it plays a crucial role in securing sensitive data.
upvoted 0 times
...
Nu
1 year ago
An LDAP server providing authentication services to the cardholder data environment is in scope for PCI DSS.
upvoted 0 times
...
Tarra
1 year ago
I think the correct answer is C. The LDAP server is only in scope if it's directly involved with cardholder data, otherwise it's not relevant to PCI DSS.
upvoted 0 times
Freeman
1 year ago
D) in scope only if it provides authentication services to systems in the DMZ.
upvoted 0 times
...
Evan
1 year ago
C) in scope only if it stores, processes or transmits cardholder data.
upvoted 0 times
...
Alberta
1 year ago
B) not In scope for PCI DSS.
upvoted 0 times
...
Rikki
1 year ago
A) in scope for PCI DSS.
upvoted 0 times
...
...

Save Cancel