CCDE: Cisco Certified Design Expert (Practical) — Question 35
A banking customer determines that it is operating POS and POI terminals that are noncompliant with PCI DSS requirements because they are running TLSv1.0. The customer plans to migrate the terminals to TLSv1.2. What are two requirements to complete the migration? (Choose two.)
Answer options
- A. Ensure that strong cryptography is applied for users who have administrative access through networks.
- B. Apply strong cryptography and security protocols to safeguard sensitive cardholder data.
- C. Apply strong encryption for transmission of cardholder data across public networks.
- D. Protect all user systems against malware and frequently update antivirus software.
- E. Maintain a policy that addresses information security for employees and third parties.
Correct answer: B, C
Explanation
The correct answers, B and C, specifically focus on the application of strong cryptography and security protocols to protect sensitive cardholder data and ensure secure transmission over public networks, which are essential for PCI DSS compliance. Options A, D, and E, while important for overall security, do not directly address the migration to TLSv1.2 and the specific requirements for protecting cardholder data.