312-50V10 · Question #11
What is not a PCI compliance recommendation?
The correct answer is C. Rotate employees handling credit card transactions on a yearly basis to different departments.. Tests knowledge of the 12 PCI DSS requirements by identifying which option is not an actual PCI DSS mandate.
Question
What is not a PCI compliance recommendation?
Options
- AUse a firewall between the public network and the payment card data.
- BUse encryption to protect all transmission of card holder data over any public network.
- CRotate employees handling credit card transactions on a yearly basis to different departments.
- DLimit access to card holder data to as few individuals as possible.
How the community answered
(52 responses)- A4% (2)
- C94% (49)
- D2% (1)
Why each option
Tests knowledge of the 12 PCI DSS requirements by identifying which option is not an actual PCI DSS mandate.
PCI DSS Requirement 1 explicitly mandates installing and maintaining a firewall configuration to protect cardholder data from public network access.
PCI DSS Requirement 4 requires encrypting transmission of cardholder data across open or public networks.
PCI DSS does not include a requirement to rotate employees handling credit card transactions to different departments on a yearly basis. While PCI DSS Requirement 7 enforces least-privilege access and separation of duties, mandatory annual departmental rotation is not defined anywhere in the PCI DSS standard. Confusing general HR best practices with specific PCI DSS controls is a common distractor.
PCI DSS Requirement 7 requires restricting access to cardholder data on a need-to-know basis, limiting it to as few individuals as possible.
Concept tested: PCI DSS 12 requirements compliance knowledge
Source: https://www.pcisecuritystandards.org/document_library/
Topics
Community Discussion
No community discussion yet for this question.