CCDE: Cisco Certified Design Expert (Practical) — Question 196

As a service provider is implementing Strong Access Control Measures, which two of the following PCI Data Security Standard requirements must be met? (Choose two.)

Answer options

• A. Assign a unique ID to each person with computer access
• B. Encrypt transmission of cardholder data across open or public networks
• C. Each location must require validating PCI compliance if business has multiple locations
• D. Protect stored cardholder data
• E. Restrict access to cardholder data to on a need-to-know basis

Correct answer: A, E

Explanation

The correct answers are A and E because assigning unique IDs ensures traceability and accountability for each user accessing the system, while restricting access on a need-to-know basis minimizes the risk of unauthorized data exposure. Options B, C, and D, while important for overall PCI compliance, do not directly pertain to strong access control measures.