Certified Ethical Hacker (CEH v11) — Question 39
What is not a PCI compliance recommendation?
Answer options
- A. Use a firewall between the public network and the payment card data.
- B. Use encryption to protect all transmission of card holder data over any public network.
- C. Rotate employees handling credit card transactions on a yearly basis to different departments.
- D. Limit access to card holder data to as few individuals as possible.
Correct answer: C
Explanation
The correct answer is C because rotating employees who handle credit card transactions is not a PCI compliance recommendation; PCI compliance focuses on securing data rather than on employee movement. Options A, B, and D are all valid recommendations aimed at protecting cardholder data and maintaining PCI compliance.