400-007 Question #181: Real Exam Question with Answer & Explanation
The correct answer is B: install firewalls.
Question
Which two actions must merchants do to be compliant with the Payment Card Industry Data Security Standard? (Choose two.)
Options
- A. conduct risk analyses
- B. install firewalls
- C. use antivirus software
- D. establish monitoring policies
- E. establish risk management policies
Explanation
PCI DSS mandates specific prescriptive technical controls that merchants must implement to protect cardholder data environments from breaches and unauthorized access.
Common mistakes.
- A. Conducting risk analyses is a foundational requirement of ISO 27001 and NIST SP 800-30, not a primary prescriptive compliance action explicitly listed in PCI DSS.
- D. While PCI DSS Requirement 10 addresses logging and monitoring, 'establishing monitoring policies' is phrased too broadly and is not one of the two explicit technical controls the standard is most known for mandating.
- E. Establishing risk management policies is a core obligation under ISO 27001 and similar governance frameworks, whereas PCI DSS specifies concrete technical and operational controls rather than policy-level risk management programs.
Concept tested. PCI DSS core technical compliance requirements
Reference. https://www.pcisecuritystandards.org/document_library/