ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 400-007 All Questions

View all questions & answers for the 400-007 exam
Go to Exam

Exam 400-007 topic 1 question 171 discussion

Actual exam question from Cisco's 400-007
Question #: 171
Topic #: 1
[All 400-007 Questions]

A banking customer determines that it is operating POS and POI terminals that are noncompliant with PCI DSS requirements, as it is running TLSv1.0. The customer plans to migrate the terminals to TLSv1.2. What are two requirements to complete the migration? (Choose two.)

  • A. Ensure that strong cryptography is applied for users who have administrative access through networks
  • B. Apply strong cryptography and security protocols to safeguard sensitive cardholder data.
  • C. Apply strong encryption for transmission of cardholder data across public networks.
  • D. Protect all user systems against malware and frequently update antivirus software
  • E. Maintain a policy that addresses information security for employees and third parties.
Show Suggested Answer Hide Answer
Suggested Answer: BC 🗳️
by vn at Dec. 14, 2022, 4:51 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
J_W
Highly Voted 1 year, 5 months ago
Selected Answer: BC
When migrating the terminals to TLSv1.2, it is crucial to ensure the application of strong cryptography and security protocols to safeguard sensitive cardholder data. This involves using encryption algorithms and protocols that meet the required security standards. Additionally, strong encryption should be applied for the transmission of cardholder data across public networks. This means ensuring that the data is encrypted during its transmission to prevent unauthorized access or interception. This requirement helps protect the confidentiality and integrity of cardholder data as it travels over potentially insecure networks. The other options mentioned, such as ensuring strong cryptography for users with administrative access (option A), protecting user systems against malware (option D), and maintaining an information security policy (option E), are also important considerations for overall security and compliance but may not be directly related to the specific migration of terminals to TLSv1.2 as required by PCI DSS.
upvoted 6 times
...
ba7a09d
Most Recent 4 months, 2 weeks ago
Selected Answer: CE
The only 2 answers that match the PCI DSS requirements list.
upvoted 1 times
...
skjs
8 months, 3 weeks ago
Selected Answer: CE
C: without doubt. Matches #4 PCI DSS Requirement among the 12 listed in the cert guide. not D because cert guide #5 PCI DSS requirement mentions "all systems" , here we see "all user systems" E : Matches #12 requirement. Cert guide says "for all personnel" so it includes employees and 3rd p.
upvoted 3 times
...
caleb
9 months, 1 week ago
Selected Answer: AC
A and C according to this https://www.centurybizsolutions.net/tls-1-2-requirements/
upvoted 2 times
...
yasglobal
1 year ago
Selected Answer: AB
A and B
upvoted 1 times
...
vn
1 year, 10 months ago
C & E B is part of C https://listings.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf
upvoted 3 times
ying162
1 year, 10 months ago
B is data at rest and C is data in motion
upvoted 6 times
...
biddid2
1 year, 7 months ago
E is for operation to fulfill PCI DSS, you need it either TLS 1.0 or 1.2
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago