What should be verified to ensure outbound traffic from the CDE to the Internet is properly controlled?

Multiple Choice

What should be verified to ensure outbound traffic from the CDE to the Internet is properly controlled?

Explanation:
Controlling outbound traffic from the CDE relies on explicit egress rules. The correct approach is to review firewall and router configurations to confirm that outbound connections from the CDE to the Internet are explicitly authorized, with a default-deny posture in place. This ensures only the necessary destinations, protocols, and ports are allowed, and everything else is blocked unless there’s an approved rule.

Rationale: encryption alone does not determine whether traffic should be allowed; you can have encrypted traffic that is not authorized to leave the CDE. Saying no outbound traffic is ever authorized is too restrictive for legitimate operations, and allowing outbound traffic by default is unsafe. The explicit authorization approach aligns with the principle of least privilege and PCI DSS guidance to verify and document approved egress rules.
