350-201(NEW-127Q) Question #33: Real Exam Question with Answer & Explanation
The correct answer is D. GDPR.
Question
Options
- A. FISMA
- B. HIPAA
- C. FedRAMP
- D. GDPR
- E. PCI DSS
Explanation
GDPR (D) and PCI DSS (E) are the two correct answers - the listed "Correct Answer: D" appears incomplete, as the question requires two selections and the scenario clearly supports both.
Why D and E are correct: The question specifies a European organization (pointing to GDPR, the EU's data privacy regulation) and a zone where credit card data flows (pointing to PCI DSS, the Payment Card Industry Data Security Standard). These two standards map directly to the stated organizational context.
Why the distractors are wrong:
- A. FISMA - applies to U.S. federal agencies and contractors, not European organizations
- B. HIPAA - governs U.S. healthcare data (Protected Health Information), irrelevant here since there's no mention of medical data
- C. FedRAMP - a U.S. government cloud security authorization program, also U.S.-federal-specific
Memory tip: Think of the two key clues in any compliance question - geography and data type. "European" → GDPR; "credit card data" → PCI DSS. The other three options (FISMA, HIPAA, FedRAMP) all share a common trait: they are U.S.-specific frameworks, making them easy to eliminate whenever the scenario is set outside the United States or lacks healthcare/federal context.