What should the assessor verify when testing that cardholder data Is protected whenever It Is sent over open public networks?

QSA_New_V4 0 Comments

What should the assessor verify when testing that cardholder data Is protected whenever It Is sent over open public networks?
A . The security protocol Is configured to accept all digital certificates.
B . A proprietary security protocol is used.
C . The security protocol accepts only trusted keys.
D . The security protocol accepts connections from systems with lower encryption strength than required by the protocol.

Answer: C

Explanation:

Requirement for Secure Transmission:

PCI DSS Requirement 4.1 mandates that cardholder data sent over open public networks must be

protected with strong cryptographic protocols. Accepting only trusted keys ensures data integrity and

prevents unauthorized access.

Key Validation Practices:

Trusted keys and certificates are verified to ensure authenticity. Using untrusted keys compromises

the security of the encrypted communication.

Prohibited Practices:

A/D: Configuring protocols to accept all certificates or lower encryption strength violates PCI DSS encryption guidelines.

B: Proprietary protocols are not inherently compliant unless they meet strong cryptographic standards.

Testing and Verification:

Assessors verify the implementation of trusted keys by examining encryption settings, reviewing certificate chains, and conducting tests to confirm only trusted connections are accepted​.

Latest QSA_New_V4 Dumps Valid Version with 40 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download QSA_New_V4 PDF    QSA_New_V4 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments