Exam Assessor_New_V4 Topic 1 Question 28 Discussion
Actual exam question for PCI SSC's Assessor_New_V4 exam
Question #: 28
Topic #: 1
A sample of business facilities is reviewed during the PCI DSS assessment. What is the assessor required to validate about the sample?
Suggested Answer: D
Explanation
The PCI DSS requires that the assessor validates that the sample of business facilities is representative of the entire population of facilities that are in scope for the assessment. According to the PCI DSS Requirement 12.8.5, "Maintain information about which PCI DSS requirements are managed by each service provider, and which are managed by the entity." Furthermore, according to the PCI DSS Requirement 12.9.1, "For service providers, provide the written agreement/acknowledgment to their customers as specified at Requirement 12.8.2." Therefore, the scenario that meets the PCI DSS requirements for validating the sample of business facilities is the one where all types and locations of facilities are represented, to ensure that the assessment covers the diversity and complexity of the card production environment. The other scenarios either do not account for the variability of the facilities, or do not follow the sampling methodology defined by the PCI DSS. References: PCI DSS v3.2.1, Card Production Security Assessor - Physical - Credly
by Asa at Jan 29, 2025, 06:25 PM