Certified Ethical Hacker (CEH v12) — Question 263

Bill has been hired as a penetration tester and cyber security auditor for a major credit card company.

Which information security standard is most applicable to his role?

Answer options

Correct answer: D

Explanation

The correct answer is PCI-DSS, the security standard written specifically for organizations that handle credit card transactions, with the aim of protecting cardholder data. FISMA pertains to federal information systems, Sarbanes-Oxley focuses on corporate governance and financial disclosures, and HITECH relates to healthcare information, so all three are less relevant to a credit card company.