CompTIA Security+ (SY0-601) — Question 574

A company wants to begin taking online orders for products but has decided to outsource payment processing to limit risk. Which of the following best describes what the company should request from the payment processor?

Answer options

• A. ISO 27001 certification documents
• B. Proof of PCI DSS compliance
• C. A third-party SOC 2 Type 2 report
• D. Audited GDPR policies

Correct answer: B

Explanation

The correct answer is B because PCI DSS compliance is specifically designed for organizations that handle credit card information, ensuring they meet security standards. While ISO 27001 and SOC 2 reports are valuable, they do not focus solely on payment processing requirements. GDPR policies are relevant for data protection but do not address payment security directly.