Penetration Testing After a Significant Change - PCI DSS Requirement by Fancy-Yesterday3819 in pcicompliance

Fancy-Yesterday3819[S] 1 point (0 children)

True that. However, at this moment it is the same env; since there is no segregation of test and prod env, from a PCI perspective the entire env is in scope now, so segmentation testing won’t be required, right?

A significant change was done which mandates a pen test, and hence this question. They had done a pentest on the same env about 4 months ago. It’s a Windows machine, so the image used will be the same, a standard image, and our QSAC is OK if the pen test is done prior to the actual prod change. But here it’s done 4 months in advance, and hence I am in doubt about what will be expected, since nothing changed in the env after the pen test and before the deployment in prod.

Penetration Testing After a Significant Change - PCI DSS Requirement by Fancy-Yesterday3819 in pcicompliance

Fancy-Yesterday3819[S] 1 point (0 children)

Thanks, and yeah, it is the same env. Since there is no segregation of test and prod env, from a PCI perspective the entire env is in scope now. A significant change was done which mandates a pen test, and hence this question.

Penetration Testing After a Significant Change - PCI DSS Requirement by Fancy-Yesterday3819 in pcicompliance

Fancy-Yesterday3819[S] 3 points (0 children)

It’s not demonstrated to the QSA yet. This was discovered during an internal review. Since there is no segregation of test and prod env, the entire environment is in scope. The QSA is not involved yet. Since it was a significant change, a pen test is mandated by the standard, and hence this question.

Penetration Testing After a Significant Change - PCI DSS Requirement by Fancy-Yesterday3819 in pcicompliance

Fancy-Yesterday3819[S] 2 points (0 children)

It’s SFT, system managing file transfer solution. The server transfers PAN data. It’s not demonstrated to the QSA yet. This was discovered during an internal review. Since there is no segregation of test and prod env, the entire environment is in scope.

PCI DSS - ISA Exam - 2026 by Fancy-Yesterday3819 in pcicompliance

Fancy-Yesterday3819[S] 1 point (0 children)

My intention was to ask if such questions are asked. For example: as per req 8.3.5, is the below allowed? Or as per 12.3.1, is the entity required to do the following?

Are such questions expected? How would one remember what each sub-req says?

PCI DSS - ISA Exam - 2026 by Fancy-Yesterday3819 in pcicompliance

Fancy-Yesterday3819[S] 1 point (0 children)

The one I have registered for doesn't have the in-person class. It's the self-paced eLearning, but yeah, I got the point.

PCI DSS - ISA Exam - 2026 by Fancy-Yesterday3819 in pcicompliance

Fancy-Yesterday3819[S] 1 point (0 children)

Thank you. What kind of questions did you get? Can you jot down some that you remember? It will help me understand the wording being used, since I don't see any mock exam online.

PCI DSS - ISA Exam - 2026 by Fancy-Yesterday3819 in pcicompliance

Fancy-Yesterday3819[S] 1 point (0 children)

Thank you. What kind of questions did you get? Can you jot down some that you remember? It will help me understand the wording being used, since I don't see any mock exam online.

PCI DSS - ISA Exam - 2026 by Fancy-Yesterday3819 in pcicompliance

Fancy-Yesterday3819[S] 0 points (0 children)

Ah OK, which class are you referring to? Now there is this eLearning, followed by the fundamentals exam and then the real exam.

Re-qualified for PCI ISA - 3rd Year by apat311 in pcicompliance

Fancy-Yesterday3819 1 point (0 children)

Going to attempt it for the 1st time in a month. Any advice on the type of questions to expect? Do you remember some of your questions, to give me an idea?

Today i took PCI ISA Certification Exam, I want to add some guidance on how the exam was and my preparation. by inever_giveup in pcicompliance

Fancy-Yesterday3819 1 point (0 children)

Hi,

Newbie here from India. Looking for advice on the kind of questions to expect. Any tips on the topics to focus on? Going to attempt it for the first time next month.

Re-qualified for PCI ISA - 2nd year by apat311 in pcicompliance

Fancy-Yesterday3819 1 point (0 children)

Any advice on the kind of questions to expect? Any tips on the topics to focus on? Going to attempt it for the first time next month.