CV0-003 · Question #424
There has been a change in requirements for two countries where PCI virtual instances exist. As such three virtual instances need to be added in both countries' PCI environments, and two instances nee
The correct answer is A. By the effective date of the new requirement, in each country, remove the two out-of-compliance virtual. PCI DSS compliance requires that non-compliant instances be removed and new compliant instances be deployed by the effective date of updated requirements.
Question
There has been a change in requirements for two countries where PCI virtual instances exist. As such three virtual instances need to be added in both countries' PCI environments, and two instances need to be removed. Which of the following is the BEST way to ensure compliance is met in those two countries?
Options
- ABy the effective date of the new requirement, in each country, remove the two out-of-compliance virtual
- BBy the effective date of the new requirement, in each country, implement the three new virtual instances.
- CBy the effective date of the new requirement, in each country implement the three new virtual instances.
- DBy the effective date of the new requirement, in each country, remove the two out-of-compliance virtual
How the community answered
(62 responses)- A52% (32)
- B8% (5)
- C15% (9)
- D26% (16)
Why each option
PCI DSS compliance requires that non-compliant instances be removed and new compliant instances be deployed by the effective date of updated requirements.
PCI DSS mandates that environments fully satisfy compliance requirements by the defined effective date, meaning both the removal of out-of-compliance virtual instances and the addition of newly required instances must occur together. Option A ensures non-compliant workloads are decommissioned at the same time new compliant instances are deployed, preventing any gap in compliance status. Leaving old instances running past the effective date would constitute a direct PCI DSS violation in both countries' cardholder data environments.
Implementing only the three new instances without removing the two non-compliant ones leaves out-of-scope workloads active past the effective date, violating PCI DSS requirements.
Adding new instances alone does not bring the environment into full compliance because the non-compliant instances remain operational past the effective date.
Option D addresses only removal without confirming the new required instances are simultaneously in place, leaving the environment short of its mandated configuration.
Concept tested: PCI DSS virtual instance compliance change management
Source: https://www.pcisecuritystandards.org/document_library/
Topics
Community Discussion
No community discussion yet for this question.