Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

PCI Exam QSA_New_V4 Topic 4 Question 9 Discussion

Actual exam question for PCI's QSA_New_V4 exam
Question #: 9
Topic #: 4
[All QSA_New_V4 Questions]

What should the assessor verify when testing that cardholder data Is protected whenever It Is sent over open public networks?

Show Suggested Answer Hide Answer
Suggested Answer: C

Requirement for Secure Transmission:

PCI DSS Requirement 4.1 mandates that cardholder data sent over open public networks must be protected with strong cryptographic protocols. Accepting only trusted keys ensures data integrity and prevents unauthorized access.

Key Validation Practices:

Trusted keys and certificates are verified to ensure authenticity. Using untrusted keys compromises the security of the encrypted communication.

Prohibited Practices:

A/D: Configuring protocols to accept all certificates or lower encryption strength violates PCI DSS encryption guidelines.

B: Proprietary protocols are not inherently compliant unless they meet strong cryptographic standards.

Testing and Verification:

Assessors verify the implementation of trusted keys by examining encryption settings, reviewing certificate chains, and conducting tests to confirm only trusted connections are accepted.


by Xuan at Apr 07, 2025, 09:05 PM

Limited Time Offer

25%

Off

Get Premium QSA_New_V4 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Lettie
5 days ago
D sounds like a terrible idea! Accepting lower encryption strength? That's just asking for trouble. The security protocol should be rock-solid.
upvoted 0 times
...
Almeta
6 days ago
I think the assessor should verify that the security protocol accepts only trusted keys.
upvoted 0 times
...
Albina
10 days ago
B sounds interesting, but I'm not sure a proprietary protocol is really the best option in this case. Open standards are usually more secure and reliable.
upvoted 0 times
...
Noel
16 days ago
C seems like the obvious choice here. The assessor needs to verify that the security protocol only accepts trusted keys, not any random certificate or lower encryption strength.
upvoted 0 times
Sabine
3 days ago
I think C is the best option. It ensures only trusted keys are accepted.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77