What is the objective of 1.2 regarding untrusted networks?


Multiple Choice

What is the objective of 1.2 regarding untrusted networks?

Explanation:

The main idea is to prevent direct access from networks you don’t control (untrusted networks, like the Internet) to anything in the cardholder data environment. The objective is to design firewall and router configurations that restrict connections between these untrusted networks and every system component in the CDE, so only the minimum necessary services and paths are allowed and everything else is blocked. This segmentation reduces the attack surface and helps ensure that cardholder data isn’t exposed to external networks.

Why this is the best choice: it aligns with the goal of tightly controlling network access to the CDE, using firewalls and routers to enforce boundaries and least-privilege connectivity.

Why the other options don’t fit: they either imply unrestricted access from untrusted networks, focus only on outbound Internet traffic without protecting the CDE, or claim that internal networks can be exposed to untrusted networks—none of which meet the requirement to restrict and control connections to the CDE.
