Exam QSA_New_V4 Topic 1 Question 26 Discussion
Actual exam question for PCI SSC's QSA_New_V4 exam
Question #: 26
Topic #: 1
Question #: 26
Topic #: 1
An internal NTP server that provides time services to the Cardholder Data Environment is?
Suggested Answer: D Vote an answer
Scope definition in PCI DSS v4.0.1 (Section 4)includesany system that can impact the security of the CDE.
Time synchronization servers such asNTParecritical to log integrity(Requirement 10.6), and if they provide services to CDE systems,they are in scopeeven if they do not directly process cardholder data.
* Option A:#Incorrect. Scope is broader than just databases.
* Option B:#Incorrect. Time serversimpact log security, so they are in scope.
* Option C:#Incorrect. PCI DSS scope includes systems thataffect the securityof CDE, not just those storing card data.
* Option D:#Correct. Internal NTP servers providing services to the CDE arein scope.
References:
PCI DSS v4.0.1 - Section 4: Scope of PCI DSS Requirements;
Requirement 10.6.1.1.
Time synchronization servers such asNTParecritical to log integrity(Requirement 10.6), and if they provide services to CDE systems,they are in scopeeven if they do not directly process cardholder data.
* Option A:#Incorrect. Scope is broader than just databases.
* Option B:#Incorrect. Time serversimpact log security, so they are in scope.
* Option C:#Incorrect. PCI DSS scope includes systems thataffect the securityof CDE, not just those storing card data.
* Option D:#Correct. Internal NTP servers providing services to the CDE arein scope.
References:
PCI DSS v4.0.1 - Section 4: Scope of PCI DSS Requirements;
Requirement 10.6.1.1.
by Bing at Jun 08, 2026, 05:54 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).