nerdexam
(ISC)2

CISSP · Question #489

An organization is required to comply with the Payment Card Industry Data Security Standard (PCI-DSS), what is the MOST effective approach to safeguard digital and paper media that contains cardholder

The correct answer is C. Mandate encryption of cardholder data.. The most effective approach to safeguard digital and paper media that contains cardholder data is to mandate encryption of cardholder data. Encryption is a process of transforming data into an unreadable form using a secret key or algorithm, so that only authorized parties can ac

Submitted by olafpl· Mar 5, 2026Asset Security

Question

An organization is required to comply with the Payment Card Industry Data Security Standard (PCI-DSS), what is the MOST effective approach to safeguard digital and paper media that contains cardholder data?

Options

  • AUse and regularity update antivirus software.
  • BMaintain strict control over storage of media
  • CMandate encryption of cardholder data.
  • DConfigure firewall rules to protect the data.

How the community answered

(25 responses)
  • A
    8% (2)
  • B
    4% (1)
  • C
    76% (19)
  • D
    12% (3)

Explanation

The most effective approach to safeguard digital and paper media that contains cardholder data is to mandate encryption of cardholder data. Encryption is a process of transforming data into an unreadable form using a secret key or algorithm, so that only authorized parties can access or modify the data. Encryption protects the confidentiality, integrity, and availability of cardholder data, which is any personally identifiable information associated with a cardholder, such as name, account number, expiration date, or security code. Encryption also helps to comply with the Payment Card Industry Data Security Standard (PCI-DSS), which is a set of requirements and guidelines for ensuring the security of payment card transactions and data. PCI-DSS requires that cardholder data must be encrypted when stored or transmitted over public networks, and that encryption keys must be protected and managed securely. Using and regularly updating antivirus software, maintaining strict control over storage of media, and configuring firewall rules to protect the data are also good practices to safeguard cardholder data, but they are not as effective as encryption, as they may not prevent unauthorized access or modification of the data, or they may not apply to all types of media or scenarios.

Topics

#PCI-DSS#Data encryption#Cardholder data#Data at rest

Community Discussion

No community discussion yet for this question.

Full CISSP Practice