nerdexam
CompTIA

CV0-003 · Question #424

There has been a change in requirements for two countries where PCI virtual instances exist. As such three virtual instances need to be added in both countries' PCI environments, and two instances nee

The correct answer is A. By the effective date of the new requirement, in each country, remove the two out-of-compliance virtual. PCI DSS compliance requires that non-compliant instances be removed and new compliant instances be deployed by the effective date of updated requirements.

Security

Question

There has been a change in requirements for two countries where PCI virtual instances exist. As such three virtual instances need to be added in both countries' PCI environments, and two instances need to be removed. Which of the following is the BEST way to ensure compliance is met in those two countries?

Options

  • ABy the effective date of the new requirement, in each country, remove the two out-of-compliance virtual
  • BBy the effective date of the new requirement, in each country, implement the three new virtual instances.
  • CBy the effective date of the new requirement, in each country implement the three new virtual instances.
  • DBy the effective date of the new requirement, in each country, remove the two out-of-compliance virtual

How the community answered

(62 responses)
  • A
    52% (32)
  • B
    8% (5)
  • C
    15% (9)
  • D
    26% (16)

Why each option

PCI DSS compliance requires that non-compliant instances be removed and new compliant instances be deployed by the effective date of updated requirements.

ABy the effective date of the new requirement, in each country, remove the two out-of-compliance virtualCorrect

PCI DSS mandates that environments fully satisfy compliance requirements by the defined effective date, meaning both the removal of out-of-compliance virtual instances and the addition of newly required instances must occur together. Option A ensures non-compliant workloads are decommissioned at the same time new compliant instances are deployed, preventing any gap in compliance status. Leaving old instances running past the effective date would constitute a direct PCI DSS violation in both countries' cardholder data environments.

BBy the effective date of the new requirement, in each country, implement the three new virtual instances.

Implementing only the three new instances without removing the two non-compliant ones leaves out-of-scope workloads active past the effective date, violating PCI DSS requirements.

CBy the effective date of the new requirement, in each country implement the three new virtual instances.

Adding new instances alone does not bring the environment into full compliance because the non-compliant instances remain operational past the effective date.

DBy the effective date of the new requirement, in each country, remove the two out-of-compliance virtual

Option D addresses only removal without confirming the new required instances are simultaneously in place, leaving the environment short of its mandated configuration.

Concept tested: PCI DSS virtual instance compliance change management

Source: https://www.pcisecuritystandards.org/document_library/

Topics

#PCI compliance#virtual instances#regulatory compliance#change management

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice