ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-201 All Questions

View all questions & answers for the 350-201 exam
Go to Exam

Exam 350-201 topic 1 question 111 discussion

Actual exam question from Cisco's 350-201
Question #: 111
Topic #: 1
[All 350-201 Questions]

A company recently started accepting credit card payments in their local warehouses and is undergoing a PCI audit. Based on business requirements, the company needs to store sensitive authentication data for 45 days. How must data be stored for compliance?

  • A. post-authorization by non-issuing entities if there is a documented business justification
  • B. by entities that issue the payment cards or that perform support issuing services
  • C. post-authorization by non-issuing entities if the data is encrypted and securely stored
  • D. by issuers and issuer processors if there is a legitimate reason
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by tukan at Nov. 1, 2021, 12:05 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
marceus
4 months, 2 weeks ago
Selected Answer: C
ChatGPT: In PCI compliance, sensitive authentication data (SAD) must not be stored after authorization except under very specific conditions. However, if there is a legitimate business need to store it post-authorization (for example, storing data for a specified period), it must be encrypted and securely stored to ensure the confidentiality and integrity of the data. This ensures that sensitive information like credit card details is protected according to PCI DSS standards and only retained as needed for the business operation.
upvoted 1 times
...
27ea763
5 months ago
Selected Answer: C
The question already mentions that there is a business justification and requests how the data should be stored. This would be answer C
upvoted 1 times
...
TrainingTeam
8 months, 1 week ago
Selected Answer: A
For PCI compliance, sensitive authentication data can be stored post-authorization by non-issuing entities if there is a documented business justification. The data must be protected according to PCI DSS requirements, ensuring that it is stored securely and access is controlled4.
upvoted 1 times
...
Medjai89
2 years, 6 months ago
D https://bd.visa.com/content/dam/VCOM/global/support-legal/documents/bulletin-issuer-pci-dss-faq.pdf
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel