nerdexam
(ISC)2

CISSP · Question #345

A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation but in the process of th

The correct answer is C. Follow organizational processes to alert the proper teams to address the issue.. Upon discovering a critical PCI-DSS violation involving clear text credit card data transfer, a security analyst must prioritize reporting this new security issue according to established organizational processes.

Submitted by carter_n· Mar 5, 2026Security Operations

Question

A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation but in the process of the review, the analyst also finds that an applications data, which included full credit card cardholder data, is transferred in clear text between the server and user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?

Options

  • ASend the log file co-workers for peer review
  • BInclude the full network traffic logs in the incident report
  • CFollow organizational processes to alert the proper teams to address the issue.
  • DIgnore data as it is outside the scope of the investigation and the analyst's role.

How the community answered

(39 responses)
  • A
    10% (4)
  • B
    21% (8)
  • C
    64% (25)
  • D
    5% (2)

Why each option

Upon discovering a critical PCI-DSS violation involving clear text credit card data transfer, a security analyst must prioritize reporting this new security issue according to established organizational processes.

ASend the log file co-workers for peer review

Sending log files for peer review is an analytical step and does not constitute the immediate, actionable next step for reporting and addressing a critical security and compliance violation.

BInclude the full network traffic logs in the incident report

Including irrelevant network traffic logs in the original incident report is inappropriate and does not facilitate the proper handling and remediation of the newly discovered critical security vulnerability.

CFollow organizational processes to alert the proper teams to address the issue.Correct

Upon discovering a critical security vulnerability and compliance violation, such as clear text credit card data, the analyst's immediate next step is to follow established organizational incident response and reporting procedures. This ensures the unauthorized data transfer is properly escalated to the appropriate teams (e.g., application owners, security operations, compliance) for thorough investigation and remediation, even if it was found during an unrelated security review. This adherence to protocol is critical for maintaining compliance and organizational security posture.

DIgnore data as it is outside the scope of the investigation and the analyst's role.

Ignoring a critical security and compliance violation, especially involving sensitive data like credit card information, is a negligent and unacceptable action for a security analyst.

Concept tested: Organizational security incident reporting and escalation procedures

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Topics

#Incident response#Ethical conduct#PCI-DSS compliance#Data in transit encryption

Community Discussion

No community discussion yet for this question.

Full CISSP Practice