CompTIA PenTest+ (PT0-002) — Question 175
During an internal penetration test against a company, a penetration tester was able to navigate to another part of the network and locate a folder containing customer information such as addresses, phone numbers, and credit card numbers. To be PCI compliant, which of the following should the company have implemented to BEST protect this data?
Answer options
- A. Vulnerability scanning
- B. Network segmentation
- C. System hardening
- D. Intrusion detection
Correct answer: B
Explanation
Network segmentation is the best approach for protecting sensitive data like customer information because it isolates different parts of the network and restricts access to critical data. The other options, while important, do not provide the same level of data protection: vulnerability scanning identifies issues, system hardening secures systems, and intrusion detection monitors for breaches, but none effectively limits access to sensitive information.