SSL/early TLS is not considered strong cryptography and may not be used as a security control, except by POS POI terminals verified as not susceptible to known exploits.

Prepare for the PCI Approved Scanning Vendor (ASV) Test. Study with flashcards, multiple choice questions, hints, and explanations. Get exam ready!

Multiple Choice

SSL/early TLS is not considered strong cryptography and may not be used as a security control, except by POS POI terminals verified as not susceptible to known exploits.

Explanation:
The main idea being tested is how PCI treats SSL and early TLS as protections for card data. SSL and early TLS are now considered weak cryptography because they have known vulnerabilities and weaknesses that modern protocols have mitigated. Because of that, they should not be relied on as the primary security control to protect cardholder data in transit. PCI DSS directs you to use stronger protocols, like TLS 1.2 or higher, and to avoid SSL/early TLS for protecting payment data.

There is a very narrow exception for POS POI (point-of-interaction) terminals: these devices may be permitted to use SSL/early TLS only if they have been verified as not susceptible to known exploits. This is not a general allowance for all systems, but a specific, limited allowance for certain legacy payment terminals after proper verification.

So the statement is true: SSL/early TLS is not considered strong cryptography and may not be used as a security control, except by POS POI terminals verified as not susceptible to known exploits.
