CompTIA Security+ (SY0-601) — Question 269

An information security manager for an organization is completing a PCI DSS self-assessment for the first time. Which of the following is the MOST likely reason for this type of assessment?

Answer options

• A. An international expansion project is currently underway.
• B. Outside consultants utilize this tool to measure security maturity.
• C. The organization is expecting to process credit card information.
• D. A government regulator has requested this audit to be completed.

Correct answer: C

Explanation

The correct answer is C because organizations that plan to handle credit card data must comply with PCI DSS requirements to ensure security and protect sensitive information. While options A, B, and D may involve assessments, they do not directly relate to the necessity of compliance with PCI DSS for processing credit card information.