An LDAP server providing authentication services to the cardholder data environment is

A. in scope for PCI DSS
B. not in scope for PCI DSS
C. in scope only if it stores, processes, or transmits cardholder data
D. in scope only if it provides authentication services to systems in the DMZ

Answer: A

Explanation:

An LDAP server is a directory service that supplies authentication and authorization data to systems in the cardholder data environment (CDE). Under the PCI SSC's Guidance for PCI DSS Scoping and Network Segmentation, any system that provides a security service to the CDE, such as authentication, is a connected-to and/or security-impacting system and is in scope for PCI DSS, because a compromise of that system could affect the security of the CDE and of the cardholder data (CHD) or sensitive authentication data (SAD) it holds. PCI DSS itself lists systems that provide security services (for example, authentication servers) among in-scope system components. The LDAP server is therefore in scope regardless of whether it stores, processes, or transmits CHD or SAD (option C) and regardless of whether the systems it authenticates are in the DMZ (option D). In practice this means the directory server must meet the applicable PCI DSS requirements (hardening, patching, logging, access control, and so on); the only way to take it out of scope is to remove its connection to the CDE entirely, with the segmentation tested and verified, at which point it would no longer be providing authentication to the CDE.

References:
Guidance for PCI DSS Scoping and Network Segmentation (PCI Security Standards Council)
What Are the Effects of Using Active Directory as a Shared Service on PCI Compliance?
The Ultimate Guide To PCI DSS Scoping and Segmentation
LDAP – PCI Security Standards Council
