
210-255 Question #186: Real Exam Question with Answer & Explanation

The correct answer is A: PCI. PCI DSS and HIPAA both include explicit technical requirements mandating encryption of sensitive data transmitted across public or open networks.

Question

Which two compliance frameworks require that data be encrypted when it is transmitted over a public network? (Choose two.)

Options

  • A. PCI
  • B. GLBA
  • C. HIPAA
  • D. SOX
  • E. COBIT

Explanation

PCI DSS and HIPAA both include explicit technical requirements mandating encryption of sensitive data transmitted across public or open networks.

Common mistakes.

  • B. GLBA (Gramm-Leach-Bliley Act) mandates data security programs for financial institutions but does not prescribe specific technical controls such as mandatory transmission encryption.
  • D. SOX (Sarbanes-Oxley Act) focuses on financial reporting accuracy and internal controls for publicly traded companies, not on specific data encryption requirements for network transmission.
  • E. COBIT is an IT governance framework, not a compliance regulation - it provides guidance and best practices but does not mandate specific technical controls like encryption in transit.

Concept tested. Compliance framework requirements for data encryption in transit

Reference. https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf
