GCFA Question #66: Real Exam Question with Answer & Explanation

The correct answers are B (Strong encryption software should be used to store credit card information) and C (Only authorized access should be allowed to credit card information). Securing stored credit card data requires strong encryption of the data itself and strict access controls limiting who can retrieve it, in line with PCI-DSS requirements.

Question

You work as a Network Administrator for Web World Inc. You want to host an e-commerce Web site on your network. You want to ensure that storage of credit card information is secure. Which of the following conditions should be met to accomplish this? Each correct answer represents a complete solution. Choose all that apply.

Options

  • A. NT authentication should be required for all customers before they provide their credit card numbers.
  • B. Strong encryption software should be used to store credit card information.
  • C. Only authorized access should be allowed to credit card information.
  • D. The NTFS file system should be implemented on a client computer.

Explanation

Securing stored credit card data requires strong encryption of the data itself and strict access controls limiting who can retrieve it, in line with PCI-DSS requirements.

Common mistakes.

  • A. Requiring NT authentication for customers before collecting card numbers is not a recognized PCI-DSS control for protecting stored cardholder data and does not address how data is secured after storage.
  • D. Implementing NTFS on a client computer does not secure credit card data stored on a server; client-side filesystem choice has no bearing on server-side data protection.

Concept tested. PCI-DSS requirements for credit card data protection

Reference. https://www.pcisecuritystandards.org/document_library/
