Question 14 - ISC2 CC Certified in Cybersecurity Real Exam Questions [Jan 2026 Update]

Q: 14

Which of these is the PRIMARY objective of the PCI-DSS standard?

Options

Correct Answer:

Explanation

The Payment Card Industry Data Security Standard (PCI-DSS) is a global information security standard created by the major payment card brands (Visa, MasterCard, American Express, Discover, and JCB). Its primary and explicit objective is to enhance the security of cardholder data and promote a secure environment for accepting, processing, storing, or transmitting credit card information. The standard provides a baseline of technical and operational requirements designed to protect account data and prevent credit card fraud.

Why Incorrect

A. Change Management is a specific procedural requirement within the PCI-DSS framework (e.g., Requirement 6), not the overall objective of the standard itself.

B. While cardholder data is a type of Personally Identifiable Information (PII), the scope of PCI-DSS is narrowly focused on payment card data, not all forms of PII.

C. Protected Health Information (PHI) is the specific focus of healthcare regulations such as the Health Insurance Portability and Accountability Act (HIPAA), not PCI-DSS.

References

1. PCI Security Standards Council. Payment Card Industry (PCI) Data Security Standard

Requirements and Testing Procedures

Version 4.0. (March 2022). Page 8

Section "Introduction." The document states

"The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally."

2. Carnegie Mellon University

Information Security Office. PCI DSS Compliance. The university's official documentation states

"The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept

process

store or transmit credit card information maintain a secure environment."

3. Cornell University

IT Security & Policy. Regulated Data Chart. The chart explicitly defines PCI as applying to "Credit/debit card numbers..." and distinguishes it from PII and PHI

which are governed by different regulations. This clarifies the distinct and primary focus of the standard.

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE