Medium · 1 mark · Multiple Choice
Area II: Security · PCI DSS · Network Security

CPA · Question 13 · Area II: Security

A retailer processes credit card transactions. They have segmented their network so that the Cardholder Data Environment (CDE) is isolated from the corporate Wi-Fi network. According to PCI DSS, what is the primary benefit of this segmentation?

Answer options:

A. It reduces the scope of the PCI DSS assessment.

B. It eliminates the need for firewalls.

C. It automatically encrypts all data in transit.

D. It removes the requirement for quarterly vulnerability scans.

How to approach this question

Recall the strategic reason for network segmentation in compliance contexts.

Full Answer

A. It reduces the scope of the PCI DSS assessment. ✓ Correct
Network segmentation isolates the Cardholder Data Environment (CDE) from the rest of the network. While not strictly mandatory, it is highly recommended because it reduces the scope of the PCI DSS assessment. Only the CDE and connected systems need to be audited.

Common mistakes

Thinking segmentation replaces other controls like firewalls or scanning.
