nerdexam
Cisco

210-255 · Question #186

Which two compliance frameworks require that data be encrypted when it is transmitted over a public network? (Choose two.)

The correct answer is A. PCI C. HIPAA. PCI DSS and HIPAA both include explicit technical requirements mandating encryption of sensitive data transmitted across public or open networks.

Security Policies and Procedures

Question

Which two compliance frameworks require that data be encrypted when it is transmitted over a public network? (Choose two.)

Options

  • APCI
  • BGLBA
  • CHIPAA
  • DSOX
  • ECOBIT

How the community answered

(34 responses)
  • A
    88% (30)
  • B
    3% (1)
  • D
    3% (1)
  • E
    6% (2)

Why each option

PCI DSS and HIPAA both include explicit technical requirements mandating encryption of sensitive data transmitted across public or open networks.

APCICorrect

PCI DSS Requirement 4.2.1 explicitly states that strong cryptography must be used to safeguard primary account number (PAN) data during transmission over open, public networks.

BGLBA

GLBA (Gramm-Leach-Bliley Act) mandates data security programs for financial institutions but does not prescribe specific technical controls such as mandatory transmission encryption.

CHIPAACorrect

HIPAA Security Rule (45 CFR 164.312(e)(2)(ii)) specifies that covered entities must implement a mechanism to encrypt electronic protected health information (ePHI) whenever deemed appropriate, and transmission security is a required standard, making encryption of data in transit a recognized safeguard.

DSOX

SOX (Sarbanes-Oxley Act) focuses on financial reporting accuracy and internal controls for publicly traded companies, not on specific data encryption requirements for network transmission.

ECOBIT

COBIT is an IT governance framework, not a compliance regulation - it provides guidance and best practices but does not mandate specific technical controls like encryption in transit.

Concept tested: Compliance framework requirements for data encryption in transit

Source: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf

Topics

#PCI DSS#HIPAA#encryption in transit#compliance requirements

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice