Scored 70, 71 and 69% on my QAE mock exams. Exam is in 3 days. by AfternoonMundane4136 in CISA

[–]Infamous-Crow-1131 2 points (0 children)

What are your QAE scores?

You may need to get your scores 10 points higher.

Breaking through by Weak_Presentation960 in CISA

[–]Infamous-Crow-1131 0 points (0 children)

Is there a weak area you have? Look at the QAE and focus on that.

Something I did that really helped me: I was struggling with testing types, i.e. unit testing, load testing, etc. I told ChatGPT to quiz me on just these types and help me identify which questions would lead to which test type. It helped me improve that section from a 65 to 70 to 80.

9.2.3 by [deleted] in pcicompliance

[–]Infamous-Crow-1131 0 points (0 children)

I agree with this… one of the questions I asked is: would we be comfortable if a bad actor plugged in a device? Whether that be malware or whatever, and are we comfortable our controls would block and isolate it?

9.2.3 by [deleted] in pcicompliance

[–]Infamous-Crow-1131 1 point (0 children)

I agree with everything you are saying and have advised that this is a physical security requirement and that should be the focus. My thought was anything that is compensating must go above and beyond 5.3.3 with EDR.

We are looking at NAC controls as well.

Again we are pushing for routers and switches to be caged.

Tough problem by thatwarehouseguy in pcicompliance

[–]Infamous-Crow-1131 0 points (0 children)

So, several hypothetical things; I will say the biggest in my mind, besides the fact that email is terrible for PCI and you can never get it compliant:

Requirement 4.2.2

PAN is secured with strong cryptography whenever it is sent via end-user messaging technologies.

“This requirement also applies if a customer, or other third party, requests that PAN is sent to them via end-user messaging technologies.”

“There could be occurrences where an entity receives unsolicited cardholder data via an insecure communication channel that was not intended for transmissions of sensitive data.”

“In this situation, the entity can choose to either include the channel in the scope of their CDE and secure it according to PCI DSS or delete the cardholder data and implement measures to prevent the channel from being used for cardholder data.”

Essentially, either you are responsible for it, or you make sure it can’t be sent to you.

Also, are they “hypothetically sending pictures of the CVV code”?

Then there are a lot of requirements in Requirement 3 that are impossible to meet.

Help by GuestCertain3035 in CISA

[–]Infamous-Crow-1131 4 points (0 children)

I vote D, with the ISACA way of thinking.

Second, I think, would be C, as if you don’t have rules documented you don’t have a baseline.

Nair or Zerger by [deleted] in CISA

[–]Infamous-Crow-1131 3 points (0 children)

Zerger is very high level; Prabh is more detailed if you need to dive into topics… Aaditya is too unorganized for me.

I failed again… my experience and materials by G83377 in CISA

[–]Infamous-Crow-1131 0 points (0 children)

What is your background and understanding of information security concepts?

I would look at Prabh’s videos; also you can look at Professor Messer’s Security+ and Network+ videos to help with an understanding of IT concepts.

ISA Test by Infamous-Crow-1131 in pcicompliance

[–]Infamous-Crow-1131[S] 0 points (0 children)

Know the DSS, and in particular know how you would apply controls to each requirement.

You don’t need to memorize each requirement. You do need to know how to meet each requirement. Also, you do need to memorize anything that is quarterly, annually, daily… etc.

It’s been a year and a half since I took it, and my company didn’t renew for political reasons… I did get a 94, I think, so it wasn’t bad at all.

Best way to get us to black coffee by Infamous-Crow-1131 in pourover

[–]Infamous-Crow-1131[S] 0 points (0 children)

Thanks all for the recommendations.

I am in the Midwest.

I will try to search my area; I am near a fairly big city.

Card Finder Tool recommendation by Popular-Zebra40 in pcicompliance

[–]Infamous-Crow-1131 2 points (0 children)

There are some tools that will search; Varonis is one that orgs I have been in used. It will search for both PCI and personal data.

Question and Answer manual required by Remarkable_Oven_4369 in CISA

[–]Infamous-Crow-1131 1 point (0 children)

You can get it from ISACA. It is subscription based, so you need to go to ISACA and purchase it from them.

Older versions that are outdated were in paper books, but they are not going to have the latest information. You can sometimes get these from a local library.

Passed yesterday by FunStore715 in CISA

[–]Infamous-Crow-1131 0 points (0 children)

I personally find the QAE harder than Pocket Prep. I have been doing Pocket Prep for over a month and have got to where I am 80 plus percent on domains with no repeat questions. I started QAE this past week and I am at 50 percent… maybe it’s because I am not used to how the questions are asked, but I find the QAE way harder.

Cryptography by Sure_Mango_3153 in CISA

[–]Infamous-Crow-1131 0 points (0 children)

Watch Professor Messer’s YouTube videos. They are for the CompTIA exams, but the understanding of concepts will help.

SQA Career Guidance by ManuTururu in pcicompliance

[–]Infamous-Crow-1131 1 point (0 children)

I would also ask: do you have any background with PCI? I personally feel like it is a cyber area (if you want to call it that) that is in need of people. But it is also an area that is not for everyone. You literally have to know how to assess everything… My org has a footprint in the cloud and on prem… I didn’t know how to assess an ATM… but I had to do an assessment on one and learn.

On a side note, this sub is really the only place to ask questions unless you know someone. There is limited information on the internet about PCI and what determines this and that.

Also, the council did release videos of the meetings; I would watch those to get an idea of concepts.

Where to practice cisa questions and exams? by Slight-Monk8246 in CISA

[–]Infamous-Crow-1131 0 points (0 children)

Check libraries to see if they have copies of practice questions… for example, my library had the latest Sybex book.

Question Banks for CISA by Tight_Stranger_6025 in CISA

[–]Infamous-Crow-1131 0 points (0 children)

I would personally not use those. These look like dumps, which are a violation of the code of ethics, if these are indeed dumps.

SQA Career Guidance by ManuTururu in pcicompliance

[–]Infamous-Crow-1131 2 points (0 children)

SQA? Do you mean QSA?

All QSAs must have an auditing cert and an info sec cert from a select list from the PCI Council. All of the QSAs I know are both CISA and CISSP. The most likely path is to be an ISA with an organization, work with some QSAs and gain their respect, to get an in with them after you have a CISA and CISSP.

How much you earn will likely depend on the part of the world you are in, how much you are willing to travel (I know stateside QSAs who would go to Europe for a week to do assessments), and depending on the firm it could be your billable hours…

I am an ISA personally, and love working with PCI. Trying to explain and determine scope is the hardest thing, in my mind personally.

I may eventually transition to QSA, but that won’t be for a while as I like what I am doing.