An enterprise has decided to implement a new service that will process credit card information. They will deploy this service within their private cloud.
They have a affiliation with a public cloud provider that claims to be PCI compliant.
The enterprise would like to implement a service that is PCI compliant with a minimal amount of effort. The service is protected by a policy-based intrusion detection system (IDS). Cardholder data is securely communicated to the web interface.
Which additional design considerations would best be suited for this implementation?
A. The card number is masked as it is typed and is immediately encrypted, stored, and securely sent directly to the credit card processing system. Credit card information is stored within the public cloud provider using AES 128 encryption.
B. The card number is masked as it is typed and is immediately encrypted and securely sent directly to the credit card processing system. No credit card information is stored locally within the application.
C. The card number is masked as it is typed and is immediately encrypted and securely sent directly to the credit card processing system. Credit card information is backed up to the private cloud system and stored using AES 256 encryption.
D. The card number is masked as it is typed and is immediately encrypted and securely sent to both the credit card processing system and to private cloud for historical tracking and reporting only.
|
Download Printable PDF. VALID exam to help you PASS. |
 |