CompTIA CySA+ (CS0-003) — Question 516
An organization has experienced a breach of customer transactions. Under the terms of PCI DSS, which of the following groups should the organization report the breach to?
Answer options
- A. PCI Security Standards Council
- B. Local law enforcement
- C. Federal law enforcement
- D. Card issuer
Correct answer: D
Explanation
The correct answer is D: PCI DSS requires organizations to notify the card issuer when a breach involving customer transactions occurs. PCI DSS does not specifically mandate reporting such breaches to the groups in options A, B, and C, which makes them less relevant in this context.