PCI DSS most certainly requires segmentation.
PCI DSS Requirement 11.3.4 requires penetration testing to validate that segmentation controls and methods
are operational, effective, and isolate all out-of-scope systems from systems in the CDE.
2.2.3 Testing Segmentation Controls
The intent of segmentation is to prevent out-of-scope systems from being able to communicate with
systems in the CDE or impact the security of the CDE. When properly implemented, a segmented (out-of-scope) system component could not impact the security of the CDE, even if an attacker obtained control
of the out-of-scope system.
B. The network must be segmented.
Explanation:
B. The network must be segmented:
• PCI DSS Requirement 11.3 specifies that penetration testing must be conducted to identify and exploit vulnerabilities that could be used to compromise the security of the cardholder data environment (CDE). One of the key requirements is to ensure that the CDE is segmented from other networks to reduce the scope of PCI DSS requirements and limit exposure.
I think it is B
not A because - Certifications held by a penetration tester may be an indication of the skill level and competence of a potential penetration tester or company. While these are not required certifications, they can indicate a common body of knowledge held by the candidate.
not C - pentest should also assess internal systems to be sure that they do not contain hidden vulnerabilities
not D - time is part of the agreement, PCI does not specify time
The Payment Card Industry Data Security Standard (PCI DSS) outlines various requirements for protecting cardholder data. Among the options listed, the one that aligns with PCI DSS as part of the penetration-testing process is:
B. The network must be segmented.
Explanation:
Option B: Network segmentation is a common practice to isolate different parts of the network and minimize the risk of unauthorized access to sensitive areas, such as those that handle cardholder data. PCI DSS requires network segmentation as a way to reduce the scope of the PCI environment, making it easier to secure and comply with the standard.
https://www.tevora.com/blog/understanding-pci-penetration-testing-and-vulnerability-scanning-requirements/
B is the answer
Having internal and external networks means it is segmented lol.