Which combination of actions best meets PCI DSS requirements?
Cybersecurity - Compliance and Governance
A retailer wants to comply with PCI DSS by encrypting stored cardholder data and limiting access. They also want to ensure their firewall rules are strict. Which combination of actions best meets PCI DSS requirements?
A. Encrypt data only and allow all staff to access it for convenience
B. Encrypt data, restrict access to authorized staff, and configure firewalls to block unauthorized traffic
C. Use firewalls only and do not encrypt data to improve speed
D. Restrict access only and skip encryption if firewalls are active
Step-by-Step Solution
Step 1: Review PCI DSS key controls
PCI DSS requires encryption, access control, and firewall protection together.
Step 2: Evaluate each option
"Encrypt data, restrict access to authorized staff, and configure firewalls to block unauthorized traffic" includes all required controls; the others miss one or more important steps.
Final Answer:
Encrypt data, restrict access to authorized staff, and configure firewalls to block unauthorized traffic -> Option B
Quick Check:
All three controls combined = PCI DSS compliance [OK]
Quick Trick: Combine encryption, access control, and firewalls [OK]
Common Mistakes:
Skipping encryption or access control
Relying on firewalls alone
Allowing unrestricted data access