nerdexam
EC-Council

312-50V10 · Question #11

What is not a PCI compliance recommendation?

The correct answer is C. Rotate employees handling credit card transactions on a yearly basis to different departments.. Tests knowledge of the 12 PCI DSS requirements by identifying which option is not an actual PCI DSS mandate.

Information Security and Ethical Hacking Fundamentals

Question

What is not a PCI compliance recommendation?

Options

  • AUse a firewall between the public network and the payment card data.
  • BUse encryption to protect all transmission of card holder data over any public network.
  • CRotate employees handling credit card transactions on a yearly basis to different departments.
  • DLimit access to card holder data to as few individuals as possible.

How the community answered

(52 responses)
  • A
    4% (2)
  • C
    94% (49)
  • D
    2% (1)

Why each option

Tests knowledge of the 12 PCI DSS requirements by identifying which option is not an actual PCI DSS mandate.

AUse a firewall between the public network and the payment card data.

PCI DSS Requirement 1 explicitly mandates installing and maintaining a firewall configuration to protect cardholder data from public network access.

BUse encryption to protect all transmission of card holder data over any public network.

PCI DSS Requirement 4 requires encrypting transmission of cardholder data across open or public networks.

CRotate employees handling credit card transactions on a yearly basis to different departments.Correct

PCI DSS does not include a requirement to rotate employees handling credit card transactions to different departments on a yearly basis. While PCI DSS Requirement 7 enforces least-privilege access and separation of duties, mandatory annual departmental rotation is not defined anywhere in the PCI DSS standard. Confusing general HR best practices with specific PCI DSS controls is a common distractor.

DLimit access to card holder data to as few individuals as possible.

PCI DSS Requirement 7 requires restricting access to cardholder data on a need-to-know basis, limiting it to as few individuals as possible.

Concept tested: PCI DSS 12 requirements compliance knowledge

Source: https://www.pcisecuritystandards.org/document_library/

Topics

#PCI-DSS#compliance controls#access control policy#security requirements

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice