nerdexam
EC-Council

312-50V11 · Question #783

Your business has decided to add credit card numbers to the data it backs up to tape. Which of the following represents the best practice your business should observe?

The correct answer is D. Hire a security consultant to provide direction.. Handling credit card data is governed by PCI DSS compliance requirements, making expert consultation the recommended first step before implementing any backup strategy.

Cryptography

Question

Your business has decided to add credit card numbers to the data it backs up to tape. Which of the following represents the best practice your business should observe?

Options

  • ADo not back up either the credit card numbers or their hashes.
  • BEncrypt backup tapes that are sent off-site.
  • CBack up the hashes of the credit card numbers not the actual credit card numbers.
  • DHire a security consultant to provide direction.

How the community answered

(27 responses)
  • A
    7% (2)
  • B
    15% (4)
  • C
    4% (1)
  • D
    74% (20)

Why each option

Handling credit card data is governed by PCI DSS compliance requirements, making expert consultation the recommended first step before implementing any backup strategy.

ADo not back up either the credit card numbers or their hashes.

Not backing up credit card data or hashes may be appropriate in some cases, but this blanket approach ignores legitimate business and compliance needs that a consultant would properly assess.

BEncrypt backup tapes that are sent off-site.

Encrypting off-site tapes is a PCI DSS requirement for stored cardholder data, but it is only one control and does not address all compliance obligations involved in adding card data to backups.

CBack up the hashes of the credit card numbers not the actual credit card numbers.

Backing up hashes instead of actual card numbers reduces risk but hashes alone may not satisfy all business or recovery requirements, and this decision should be validated by a compliance expert.

DHire a security consultant to provide direction.Correct

Adding credit card numbers to backups introduces PCI DSS (Payment Card Industry Data Security Standard) compliance obligations that carry significant legal and financial risk. A qualified security consultant or QSA (Qualified Security Assessor) can ensure the backup strategy meets all PCI DSS requirements for data protection, encryption, and access controls before implementation.

Concept tested: PCI DSS compliance for credit card data backup

Source: https://www.pcisecuritystandards.org/document_library/

Topics

#data backup#encryption#credit card data#risk management

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice