SY0-301 · Question #819
The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the
The correct answer is C. Firewalls. Firewalls satisfy both requirements: they enforce network segmentation by controlling traffic between network segments (segregating credit card systems from the corporate network) and they maintain logs of allowed and denied connections (meeting the access logging requirement). T
Question
The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO's requirements?
Options
- ASniffers
- BNIDS
- CFirewalls
- DWeb proxies
- ELayer 2 switches
How the community answered
(41 responses)- A2% (1)
- C95% (39)
- D2% (1)
Explanation
Firewalls satisfy both requirements: they enforce network segmentation by controlling traffic between network segments (segregating credit card systems from the corporate network) and they maintain logs of allowed and denied connections (meeting the access logging requirement). This directly aligns with PCI-DSS requirements. Sniffers (Option A) capture traffic but do not block or segment. NIDS (Option B) detects intrusions but does not enforce segmentation. Web proxies (Option D) control web traffic but do not provide full network segmentation. Layer 2 switches (Option E) can create VLANs for logical separation but lack the stateful traffic filtering and logging capabilities of a firewall.
Topics
Community Discussion
No community discussion yet for this question.