nerdexam
EC-Council

312-50V11 · Question #950

Bill has been hired as a penetration tester and cyber security auditor for a major credit card company. Which information security standard is most applicable to his role?

The correct answer is C. PCI-DSS. PCI-DSS is the mandatory security standard governing penetration testing and audits for organizations that handle payment card data.

Information Security and Ethical Hacking Fundamentals

Question

Bill has been hired as a penetration tester and cyber security auditor for a major credit card company. Which information security standard is most applicable to his role?

Options

  • AFISMA
  • BHITECH
  • CPCI-DSS
  • DSarbanes-OxleyAct

How the community answered

(25 responses)
  • A
    4% (1)
  • C
    92% (23)
  • D
    4% (1)

Why each option

PCI-DSS is the mandatory security standard governing penetration testing and audits for organizations that handle payment card data.

AFISMA

FISMA (Federal Information Security Management Act) applies to U.S. federal government agencies and their contractors, not to private-sector credit card companies.

BHITECH

HITECH governs the security and privacy of electronic protected health information in the healthcare sector, not payment card data.

CPCI-DSSCorrect

PCI-DSS (Payment Card Industry Data Security Standard) was established by the major card brands and explicitly requires regular penetration testing and security audits for any entity that processes, stores, or transmits cardholder data. As an auditor and penetration tester at a credit card company, Bill's entire engagement scope is defined and mandated by PCI-DSS requirements. No other listed standard specifically addresses payment card security obligations.

DSarbanes-OxleyAct

The Sarbanes-Oxley Act mandates financial reporting controls and corporate governance for publicly traded companies but does not specifically address payment card data security or penetration testing requirements.

Concept tested: PCI-DSS applicability to payment card security auditing

Source: https://www.pcisecuritystandards.org/document_library/

Topics

#PCI-DSS#compliance standards#payment card security#regulatory frameworks

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice