Which two configuration items does the PCI-DSS Compliance report check to ensure compliance? (Choose two.)
Which two configuration items does the PCI-DSS Compliance report check to ensure compliance? (Choose two.)
Ensuring compliance with PCI-DSS involves verifying specific security measures. Bound SSL certificates are essential for securing the transmission of cardholder data across open, public networks, aligning with Requirement 4 of PCI DSS. Default credentials must be replaced with strong authentication credentials to meet Requirement 2 of PCI DSS, which prohibits the use of vendor-supplied default passwords and other security parameters. Therefore, these two configuration items are crucial for PCI-DSS compliance.
A. Bound SSL Certificates: Ensuring that SSL certificates are properly bound to the services is essential for securing transmissions of cardholder data across open, public networks. This corresponds with Requirement 4 of PCI DSS, which states that transmission of cardholder data across open, public networks must be encrypted. B. Default Credentials: Requirement 2 of PCI DSS specifies that entities must not use vendor-supplied defaults for system passwords and other security parameters. Ensuring that default credentials are not used and are replaced with strong authentication credentials is crucial for compliance.