Topic 1 Question 35
You are a member of the security team at an organization. Your team has a single GCP project with credit card payment processing systems alongside web applications and data processing systems. You want to reduce the scope of systems subject to PCI audit standards. What should you do?
Use multi-factor authentication for admin access to the web application.
Use only applications certified compliant with PA-DSS.
Move the cardholder data environment into a separate GCP project.
Use VPN for all connections between your office and cloud environments.
ユーザの投票
コメント(7)
I'd go for answer C myself.
https://cloud.google.com/solutions/best-practices-vpc-design
👍 21jonclem2020/03/26- 👍 7[Removed]2020/10/29
The Answer is C. Check "Setting up your payment-processing environment" section in https://cloud.google.com/solutions/pci-dss-compliance-in-gcp. In the question, it is mentioned that it is the same environment for card processing as the Web App and Data processing and that is not recommended.
👍 4smart1232020/06/12
シャッフルモード