Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

PCI Exam QSA_New_V4 Topic 4 Question 9 Discussion

Actual exam question for PCI's QSA_New_V4 exam
Question #: 9
Topic #: 4
[All QSA_New_V4 Questions]

What should the assessor verify when testing that cardholder data Is protected whenever It Is sent over open public networks?

Show Suggested Answer Hide Answer
Suggested Answer: C

Requirement for Secure Transmission:

PCI DSS Requirement 4.1 mandates that cardholder data sent over open public networks must be protected with strong cryptographic protocols. Accepting only trusted keys ensures data integrity and prevents unauthorized access.

Key Validation Practices:

Trusted keys and certificates are verified to ensure authenticity. Using untrusted keys compromises the security of the encrypted communication.

Prohibited Practices:

A/D: Configuring protocols to accept all certificates or lower encryption strength violates PCI DSS encryption guidelines.

B: Proprietary protocols are not inherently compliant unless they meet strong cryptographic standards.

Testing and Verification:

Assessors verify the implementation of trusted keys by examining encryption settings, reviewing certificate chains, and conducting tests to confirm only trusted connections are accepted.


by Xuan at Apr 07, 2025, 09:05 PM

Limited Time Offer

25%

Off

Get Premium QSA_New_V4 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Ernie
1 months ago
C is the way to go. The assessor needs to make sure the protocol is configured to only trust the right keys, not just anything that comes along.
upvoted 0 times
...
Ena
1 months ago
I don't know, maybe the assessor should just throw a dice to decide. That seems as reliable as some of these answer choices!
upvoted 0 times
Dominic
1 days ago
User 3: Maybe they should also check that the security protocol is configured to accept all digital certificates.
upvoted 0 times
...
Wai
9 days ago
User 2: I agree, using a proprietary security protocol could also be a good option.
upvoted 0 times
...
Isabelle
9 days ago
User 1: I think the assessor should verify that the security protocol accepts only trusted keys.
upvoted 0 times
...
...
Adelaide
2 months ago
I disagree. I think the security protocol should accept connections from systems with lower encryption strength than required by the protocol to ensure compatibility with all systems.
upvoted 0 times
...
Virgilio
2 months ago
I agree with Almeta. Using trusted keys ensures that only authorized parties can access the cardholder data.
upvoted 0 times
...
Lettie
2 months ago
D sounds like a terrible idea! Accepting lower encryption strength? That's just asking for trouble. The security protocol should be rock-solid.
upvoted 0 times
Shanice
7 days ago
D) The security protocol accepts connections from systems with lower encryption strength than required by the protocol.
upvoted 0 times
...
Winfred
10 days ago
C) The security protocol accepts only trusted keys.
upvoted 0 times
...
Shawna
1 months ago
B) A proprietary security protocol is used.
upvoted 0 times
...
Annmarie
1 months ago
A) The security protocol Is configured to accept all digital certificates.
upvoted 0 times
...
...
Almeta
2 months ago
I think the assessor should verify that the security protocol accepts only trusted keys.
upvoted 0 times
...
Albina
2 months ago
B sounds interesting, but I'm not sure a proprietary protocol is really the best option in this case. Open standards are usually more secure and reliable.
upvoted 0 times
Juan
1 months ago
User 2: Yeah, I think C) is the best option, accepting only trusted keys.
upvoted 0 times
...
Bernardine
1 months ago
User 1: I agree, open standards are usually more secure.
upvoted 0 times
...
...
Noel
2 months ago
C seems like the obvious choice here. The assessor needs to verify that the security protocol only accepts trusted keys, not any random certificate or lower encryption strength.
upvoted 0 times
Grover
14 days ago
Agreed, accepting connections from systems with lower encryption strength would be a huge security risk.
upvoted 0 times
...
Blondell
15 days ago
It's crucial to verify that the security protocol is configured to only accept trusted keys.
upvoted 0 times
...
Marti
20 days ago
Definitely, we can't risk accepting any random certificate over open networks.
upvoted 0 times
...
Amber
1 months ago
I agree, C is the best option. We need to make sure only trusted keys are accepted.
upvoted 0 times
...
Marti
1 months ago
D would be a risky choice, we don't want to accept connections with lower encryption strength.
upvoted 0 times
...
Jani
2 months ago
Definitely, we need to make sure the security protocol is configured properly.
upvoted 0 times
...
Alisha
2 months ago
Agreed, using a proprietary security protocol could also help protect cardholder data.
upvoted 0 times
...
Sabine
2 months ago
I think C is the best option. It ensures only trusted keys are accepted.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77