Cisco Meraki Solutions Specialist — Question 18

Which technique is not a PCI requirement but is considered a best practice for limiting the cardholder data environment (CDE) from the remainder of a corporate network?

Answer options

• A. Limit inbound connections to the CDE while allowing all outbound connections originating from the CDE.
• B. Establishing wired network segmentation between the CDE and the rest of the corporate network.
• C. Implementing identical firewall rules between corporate and CDE egress points.
• D. Incorporate the CDE within the corporate network's established Demilitarized Zone (DMZ).

Correct answer: B

Explanation

Option B is correct because establishing wired network segmentation is a recognized best practice that helps isolate the CDE, enhancing security. Options A and C discuss connection rules that may not effectively separate the CDE, while option D incorrectly places the CDE in a DMZ, which can expose it to additional risks.