CREST Practitioner Security Analyst (CPSA) Practice

Master the CREST Practitioner Security Analyst Exam. Prepare with quizzes and comprehensive study guides that include tips and explanations. Excel in your certification journey!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which of the following is incorrect about the storage of sensitive data in PCI Card Info?

  1. Store cardholder details in a separate database

  2. Do not store CVV2 values

  3. Store card number only

  4. Store card details encrypted

The correct answer is: Store card number only

The choice "Store card number only" is the incorrect statement because, while PCI DSS (Payment Card Industry Data Security Standard) does allow storing specific cardholder data under certain conditions, simply storing card numbers without additional security measures or compliance with PCI requirements is considered a violation. PCI DSS requires that any stored cardholder data be protected through encryption, access controls, and other security measures.

In practice, PCI DSS emphasizes that organizations must adopt a holistic security approach, which includes not only the proper storage of card numbers but also compliance with guidelines for other sensitive information related to cardholder data, such as maintaining proper access controls and logging. It is therefore not sufficient to merely store card numbers; organizations must ensure they do so in a secure manner that complies with the standards set forth by PCI DSS.

The other choices are compliant with PCI standards: not storing CVV2 values is a requirement under PCI DSS, and storing cardholder data encrypted is a fundamental best practice for security. Additionally, storing cardholder details in a separate database helps to mitigate the risk of exposure by compartmentalizing sensitive information.