PCI QSA_New_V4 Exam - Topic 4 Question 19 Discussion

Actual exam question for PCI's QSA_New_V4 exam
Question #: 19
Topic #: 4

What should the assessor verify when testing that cardholder data is protected whenever it is sent over open public networks?

Suggested Answer: C

Requirement for Secure Transmission:

PCI DSS Requirement 4.1 mandates that cardholder data sent over open public networks must be protected with strong cryptographic protocols. Accepting only trusted keys ensures data integrity and prevents unauthorized access.

Key Validation Practices:

Trusted keys and certificates are verified to ensure authenticity. Using untrusted keys compromises the security of the encrypted communication.

Prohibited Practices:

A/D: Configuring protocols to accept all certificates, or to accept connections at lower encryption strength, violates PCI DSS encryption guidelines.

B: Proprietary protocols are not inherently compliant unless they meet strong cryptographic standards.

Testing and Verification:

Assessors verify the implementation of trusted keys by examining encryption settings, reviewing certificate chains, and conducting tests to confirm only trusted connections are accepted.
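The "examining encryption settings" step above can be sketched as a configuration check. This is an added example, not part of the original explanation or of any PCI material: it audits a Python `ssl.SSLContext` for the settings behind options A and D and shows the configuration that matches option C. The finding labels and the TLS 1.2 floor are assumptions made for the example.

```python
from __future__ import annotations
import ssl

# Assumed policy floor for this example; the page does not name a version.
MIN_TLS = ssl.TLSVersion.TLSv1_2

def audit_tls_context(ctx: ssl.SSLContext) -> list[str]:
    """Return finding labels (hypothetical names) for a client TLS context."""
    findings = []
    # Option A: every certificate is accepted when peer verification is off.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("accepts-any-certificate")
    # A trusted chain issued to a different host must also be refused.
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    # Option D: the peer may negotiate a protocol below the required floor.
    if ctx.minimum_version < MIN_TLS:
        findings.append("weak-protocol-allowed")
    return findings

def build_weak_context() -> ssl.SSLContext:
    """Constructed 'before' configuration showing the prohibited settings."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def build_hardened_context() -> ssl.SSLContext:
    """Option C: only certificates chaining to the trusted CA store pass."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname checking
    ctx.minimum_version = MIN_TLS
    return ctx

if __name__ == "__main__":
    for name, ctx in (("weak", build_weak_context()),
                      ("hardened", build_hardened_context())):
        print(name, audit_tls_context(ctx) or "no findings")
```

A settings review like this covers configuration only; the page's other steps (reviewing certificate chains and testing that untrusted connections are refused) still need to be performed against the live endpoint.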


Rose
1 day ago
Haha, A) The security protocol is configured to accept all digital certificates? That's like putting a "Welcome" mat in front of a bank vault!
upvoted 0 times
...
Thaddeus
22 days ago
B) A proprietary security protocol is used? Hmm, security through obscurity is not a reliable approach.
upvoted 0 times
...
Beckie
27 days ago
D) The security protocol accepts connections from systems with lower encryption strength than required by the protocol? Really? That's like leaving the front door wide open!
upvoted 0 times
...
Leonora
1 month ago
C) The security protocol accepts only trusted keys. This is the correct answer to ensure cardholder data is protected.
upvoted 0 times
...
Sherita
1 month ago
I vaguely remember something about digital certificates, but I can't remember if accepting all of them is secure. That makes me lean towards option A being wrong.
upvoted 0 times
...
Daryl
1 month ago
I feel like we covered the importance of security protocols, but I can't recall if a proprietary protocol is necessarily better. Is B really the best answer?
upvoted 0 times
...
Amber
2 months ago
I'm not entirely sure, but I remember a practice question that mentioned the importance of not accepting lower encryption strengths. Could that relate to option D?
upvoted 0 times
...
Lakeesha
2 months ago
I think we discussed something about verifying trusted keys in class, so maybe option C is the right choice?
upvoted 0 times
...
Caren
2 months ago
I feel pretty confident about this one. The right answer is C - the security protocol accepts only trusted keys. That's the most secure way to verify cardholder data protection over open networks.
upvoted 0 times
...
Bette
2 months ago
I'm a little confused by this question. I'm not totally sure what the differences are between the security protocol options. Maybe I should review my notes on network security protocols before the exam.
upvoted 0 times
...
Antonio
2 months ago
Okay, I've got this. The correct answer is C - the security protocol accepts only trusted keys. That's the best way to protect cardholder data when it's sent over open networks.
upvoted 0 times
...
Dino
2 months ago
Hmm, this is a tricky one. I'm not totally sure about the right answer, but I think the key is making sure the security protocol is configured to only accept trusted keys. That seems like the most secure option.
upvoted 0 times
...
Eleonora
3 months ago
I think I'd start by looking at the options and trying to eliminate the ones that don't seem right. Accepting all digital certificates or lower encryption strength doesn't sound secure to me.
upvoted 0 times
...
