Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

PCI Exam QSA_New_V4 Topic 3 Question 7 Discussion

Actual exam question for PCI's QSA_New_V4 exam
Question #: 7
Topic #: 3
[All QSA_New_V4 Questions]

What should the assessor verify when testing that cardholder data Is protected whenever It Is sent over open public networks?

Show Suggested Answer Hide Answer
Suggested Answer: C

Requirement for Secure Transmission:

PCI DSS Requirement 4.1 mandates that cardholder data sent over open public networks must be protected with strong cryptographic protocols. Accepting only trusted keys ensures data integrity and prevents unauthorized access.

Key Validation Practices:

Trusted keys and certificates are verified to ensure authenticity. Using untrusted keys compromises the security of the encrypted communication.

Prohibited Practices:

A/D: Configuring protocols to accept all certificates or lower encryption strength violates PCI DSS encryption guidelines.

B: Proprietary protocols are not inherently compliant unless they meet strong cryptographic standards.

Testing and Verification:

Assessors verify the implementation of trusted keys by examining encryption settings, reviewing certificate chains, and conducting tests to confirm only trusted connections are accepted.


Contribute your Thoughts:

Currently there are no comments in this discussion, be the first to comment!


Save Cancel