Exam PT0-002
Question 215

During an internal penetration test against a company, a penetration tester was able to navigate to another part of the network and locate a folder containing customer information such as addresses, phone numbers, and credit card numbers. To be PCI compliant, which of the following should the company have implemented to BEST protect this data?

    Correct Answer: B

    To be PCI compliant and protect sensitive customer information such as addresses, phone numbers, and credit card numbers, the company should implement network segmentation. Network segmentation helps in isolating different parts of the network, making it harder for an attacker who gains access to one section to reach sensitive data stored in another. This method is particularly effective in protecting the cardholder data environment (CDE) from unauthorized access, which is a specific requirement of the PCI DSS (Payment Card Industry Data Security Standard).

Discussion
kloug

bbbbbbbbbb

solutionz Option: B

To be PCI compliant and protect sensitive customer information such as addresses, phone numbers, and credit card numbers, the company should have implemented B. Network segmentation.

[Removed] Option: B

B is correct

pepgua Option: B

The BEST control to protect customer data like credit card numbers for PCI compliance is: B. Network segmentation. Network segmentation isolates different parts of the network. In this case, ideally, the customer information folder should be placed in a separate network segment with stricter access controls. This would make it much harder for an attacker who has breached one part of the network (like the penetration tester) to access the sensitive data in another segment. PCI DSS (Payment Card Industry Data Security Standard) specifically requires that organizations implement network segmentation to isolate the cardholder data environment (CDE) from the rest of the network. This helps to ensure that even if an attacker gains access to a system on the network, they wouldn't have easy access to the sensitive credit card data.

deeden Option: B

The term "another part of the network" here may very well mean separate VLANs. However, it's important to consider that network segmentation can be achieved through various methods beyond VLANs. For example, organizations can use physical network segmentation (e.g., separate physical networks), subnetting, firewall rules, or access control lists (ACLs) to segment their networks.
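Added example, not part of the thread or of any poster's comment: a defender-side audit of an ordered, first-match firewall/ACL rule list that reports which segments can still reach the CDE subnet. All segment names, subnets, ports and rules are constructed assumptions, and the rule format is hypothetical rather than any vendor's syntax.

```python
from ipaddress import ip_network

# Constructed sample data: segment names, subnets and rules are assumptions.
SEGMENTS = {
    "corp-lan": ip_network("10.10.0.0/16"),
    "guest-wifi": ip_network("10.20.0.0/16"),
    "pos-terminals": ip_network("10.30.0.0/24"),
}
CDE = ip_network("10.99.0.0/24")          # cardholder data environment
ALLOWED = {"pos-terminals": {443}}        # segment -> ports it may use into the CDE

# Ordered first-match rules: (action, source, destination, port or None for any).
RULES = [
    ("deny",   "10.20.0.0/16", "10.99.0.0/24", None),
    ("permit", "10.30.0.0/24", "10.99.0.0/24", 443),
    ("permit", "10.0.0.0/8",   "10.99.0.0/24", 445),   # overly broad SMB rule
    ("deny",   "0.0.0.0/0",    "0.0.0.0/0",    None),
]

def _covers(rule, seg, cde, port):
    """True if the rule matches every packet from seg to cde on port."""
    _, src, dst, rport = rule
    return (seg.subnet_of(ip_network(src)) and cde.subnet_of(ip_network(dst))
            and (rport is None or rport == port))

def _touches(rule, seg, cde):
    """True if the rule matches at least some traffic from seg to cde."""
    _, src, dst, _ = rule
    return ip_network(src).overlaps(seg) and ip_network(dst).overlaps(cde)

def cde_exposure(rules, segments, cde, allowed):
    """Return sorted (segment, port) pairs that can reach the CDE but are not allowed.

    Conservative: a permit counts unless an earlier deny covers the whole
    segment-to-CDE flow on that port. Port None means any port.
    """
    findings = set()
    for name, seg in segments.items():
        for i, rule in enumerate(rules):
            if rule[0] != "permit" or not _touches(rule, seg, cde):
                continue
            port = rule[3]
            shadowed = any(r[0] == "deny" and _covers(r, seg, cde, port)
                           for r in rules[:i])
            if not shadowed and (port is None or port not in allowed.get(name, set())):
                findings.add((name, port))
    return sorted(findings, key=lambda f: (f[0], f[1] or 0))
```

With the sample rules, the broad `10.0.0.0/8` permit leaves the CDE reachable on port 445 from both `corp-lan` and `pos-terminals`, while `guest-wifi` is blocked by the earlier deny.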

[Removed] Option: B

This is on another question. I can't remember which one, but it's the same answer basically.