A team of support agents will be using their workstations to store credit card data. Which of the following should the IT department enable on the workstations in order to remain compliant with common regulatory controls? (Choose two.)
What are the 12 requirements of PCI DSS? Anyone see "backups" on the list?
Protect your system with firewalls
Configure passwords and settings
Protect stored cardholder data
Encrypt transmission of cardholder data across open, public networks
Use and regularly update anti-virus software
Regularly update and patch systems
Restrict access to cardholder data to business need to know
Assign a unique ID to each person with computer access
Restrict physical access to workplace and cardholder data
Implement logging and log management
Conduct vulnerability scans and penetration tests
Documentation and risk assessments
I don't think it's F because using AV is more important than a backup.
No backup means potentially losing the credit card info, but that is still a better outcome than getting the credit card info stolen.
To remain compliant with common regulatory controls when storing credit card data on workstations, the IT department should enable the following two options:
A. Encryption: Encryption is essential for protecting sensitive data, such as credit card information, and is often required by regulations like the Payment Card Industry Data Security Standard (PCI DSS).
B. Antivirus: Antivirus software helps protect against malware and viruses that could potentially compromise the security of credit card data.
The other options, such as AutoRun, Guest accounts, Default passwords, and Backups, are not directly related to securing credit card data and may not be relevant to regulatory compliance in this context.
You'll want to establish a security posture using regular scans that can detect if data has been tampered with; hash encryptions would allow your antivirus program to recognize unknown files & also recognize tampered files. Having backups of these copies would secure data if destroyed on site, & requires the antivirus security format placed to be implemented again wherever that data might be stored.
Using a logical copy of the original security system's inner workings plus data might make it a little more complicated though to have full synchrony.
short answer
A team of support agents will be using their workstations to store credit card data. Which of the following should the IT department enable on the workstations in order to remain compliant with common regulatory controls? (Choose two.)
A. Encryption
B. Antivirus
C. AutoRun
D. Guest accounts
E. Default passwords
F. Backups
ChatGPT
A. Encryption
F. Backups
Encryption is a security measure that protects data by converting it into an unreadable format that can only be accessed by authorized users with the correct decryption key. By encrypting the credit card data stored on the workstations, the IT department can ensure that the data is protected from unauthorized access, even if the workstations are lost or stolen.
Backups are copies of data that are stored in a separate location and can be used to restore data in the event of a data loss. By regularly backing up the credit card data stored on the workstations, the IT department can ensure that the data can be recovered if it is lost or corrupted due to a hardware failure, malware attack, or other disaster.
While backups can help to protect against data loss, they also pose a security risk if the backup copies are not properly secured. Backup copies of sensitive data could be accessed by unauthorized individuals or exposed in case of a breach or data loss incident. It's most likely A and B.
The two options that the IT department should enable on the workstations to remain compliant with common regulatory controls when storing credit card data are:
A. Encryption: Encryption should be used to protect sensitive information such as credit card data from being accessed by unauthorized individuals. This can be achieved by encrypting the hard drive or using file-level encryption.
B. Antivirus: Antivirus software should be installed and regularly updated on the workstations to protect against malware and other security threats that could compromise the credit card data.
I wondered the same thing. However - QUOTE: PCI DSS Requirement 5 states that you must protect all systems against malware and regularly update antivirus programs.
You'd want encryption for security measures and also some kind of data backup to ensure integrity of the data.