According to the glossary, "bespoke and custom software” describes which type of software?
Which of the following file types must be monitored by a change-detection mechanism (e.g., a file-integrity monitoring tool)?
An LDAP server providing authentication services to the cardholder data environment is?
An entity wants to use the Customized Approach. They are unsure how to complete the Controls Matrix or TRA. During the assessment, you spend time completing the Controls Matrix and the TRA, while also ensuring that the customized control is implemented securely. Which of the following statements is true?
Which of the following describes the intent of installing one primary function per server?
An entity wants to know if the Software Security Framework can be leveraged during their assessment. Which of the following software types would this apply to?
At which step in the payment transaction process does the merchant's bank pay the merchant for the purchase, and the cardholder's bank bill the cardholder?
An entity is using custom software in their CDE. The custom software was developed using processes that were assessed by a Secure Software Lifecycle assessor and found to be fully compliant with the Secure SLC standard. What impact will this have on the entity’s PCI DSS assessment?
Which statement is true regarding the use of intrusion detection techniques, such as intrusion detection systems and/or intrusion protection systems (IDS/IPS)?
An internal NTP server that provides time services to the Cardholder Data Environment is?