Question 1 - COMPTIA Cloud+ CV0-004 Real Exam Questions [March 2026 Update]

Q: 1

Which of the following industry standards mentions that credit card data must not be exchanged or stored in cleartext?

Options

Discussion

Leo Feb 27, 2026 2:26 am

Option D

Sara L. Feb 18, 2026 3:53 pm

I don’t think it’s B. D is right because PCI-DSS specifically bans cleartext storage and transmission of cardholder data. GDPR covers general personal info, not this level of technical detail for credit cards.

Taylor Feb 16, 2026 6:53 pm

Yeah, that's D. PCI-DSS specifically requires credit card data to be encrypted and never stored or transmitted in cleartext. The other standards don't call this out as directly, pretty sure PCI is the one they want here.

Ben Mar 1, 2026 6:40 am

Pretty sure it's D. PCI-DSS is all about protecting cardholder data and says no cleartext allowed.

Neha Q. Feb 15, 2026 10:32 am

D (PCI-DSS). Saw this exact phrasing on some practice sets and PCI-DSS was always picked for credit card data rules.

Ajay Mar 2, 2026 8:11 pm

B/D? I keep seeing folks swap to B (GDPR) if they mention personal data instead of credit cards. For credit card data, D fits, but depending on wording, it can get tricky. Anyone else second-guess this?

QuietDev706 Mar 4, 2026 12:17 pm

D imo, but that's only because they explicitly mention credit card data. If the question was about general personal or customer data, B (GDPR) could apply instead. Seen this wording on some practice sets where that switch totally changes the answer. Anyone else catch that nuance?

Jack K. Feb 28, 2026 11:58 am

D , PCI-DSS directly calls out credit card data in cleartext, not GDPR. SOC2 is a trap here.

PracticalConsultant9363 Feb 27, 2026 5:32 am

D seen similar question on practice before and PCI-DSS was correct.

SkepticalArchitect9201 Feb 13, 2026 7:42 am

D , but swap to B if they said personal data instead of credit cards.

Be respectful. No spam.

Correct Answer:

Explanation

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. A fundamental principle of PCI-DSS is the protection of cardholder data. Specifically, Requirement 3 mandates the protection of stored cardholder data, requiring the Primary Account Number (PAN) to be rendered unreadable wherever it is stored. Requirement 4 mandates the encryption of cardholder data during transmission over open, public networks. These requirements directly address the prohibition of exchanging or storing credit card data in cleartext.

Why Incorrect

A. CSA: The Cloud Security Alliance (CSA) provides research and best practices for cloud security (e.g., the Cloud Controls Matrix), but it is not a regulatory standard specifically for credit card data.

B. GDPR: The General Data Protection Regulation (GDPR) is a European Union regulation focused on the protection of personal data and privacy of EU citizens, not exclusively on payment card information.

C. SOC 2: A Service Organization Control 2 (SOC 2) report is an audit of a service organization's controls related to security, availability, processing integrity, confidentiality, and privacy, but it is not the specific standard governing credit card data.

References

1. PCI Security Standards Council. (2022). Payment Card Industry (PCI) Data Security Standard: Requirements and Security Assessment Procedures

Version 4.0. Page 48

Requirement 3.5.1 states

"Primary account number (PAN) is rendered unreadable wherever it is stored." Page 58

Requirement 4.2.1 states

"Strong cryptography and security protocols are used to safeguard PAN during transmission over open

public networks."

2. Amazon Web Services (AWS). (2024). PCI DSS Compliance. AWS Compliance Documentation. Retrieved from https://aws.amazon.com/compliance/pci-dss-level-1-faqs/. The documentation states

"The PCI DSS is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes."

3. Microsoft Azure. (2024). Azure compliance documentation: PCI DSS. Microsoft Learn. Retrieved from https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-pci-dss. The document clarifies

"The Payment Card Industry (PCI) Data Security Standards (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data."

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE