medium · Analysis · Q14 of 15
Cybersecurity - Compliance and Governance
A company claims it follows PCI DSS by encrypting payment data but allows all employees unrestricted access to the data. What is the main error in their compliance?
A. They failed to restrict access to payment data
B. They did not encrypt the data properly
C. They used outdated encryption algorithms
D. They did not install firewalls
Step-by-Step Solution
Solution:
  1. Step 1: Identify PCI DSS requirements

    PCI DSS requires both encryption and strict access controls to protect data.
  2. Step 2: Analyze the company's practice

    They encrypt data but allow unrestricted access, violating access control rules.
  3. Final Answer:

    They failed to restrict access to payment data -> Option A
  4. Quick Check:

    Access control is mandatory, not just encryption [OK]
Quick Trick: Encryption alone is not enough; control access too [OK]
Common Mistakes:
  • Assuming encryption fixes all security issues
  • Ignoring access control importance
  • Confusing encryption quality with access policies
