SSL/early TLS may be used by POS POI terminals that are verified as not susceptible to known exploits.

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the PCI Approved Scanning Vendor (ASV) Test. Study with flashcards, multiple choice questions, hints, and explanations. Get exam ready!

Multiple Choice

SSL/early TLS may be used by POS POI terminals that are verified as not susceptible to known exploits.

Explanation:
SSL/early TLS is typically discouraged because these protocols have known vulnerabilities and are not suitable for protecting cardholder data in transit. Yet there is a narrowly defined allowance within PCI guidance for POS POI terminals that have been tested and verified as not susceptible to those known exploits. If a device can be demonstrated to be resistant to the identified vulnerabilities and is deployed with appropriate risk controls—such as strong network segmentation, restricted access, and ongoing monitoring—then using SSL/early TLS for that specific terminal can be permitted. This is why the statement is considered true: it states a conditional exception rather than a blanket rule. If a terminal cannot be shown to be not susceptible, then SSL/early TLS would not be allowed.

SSL/early TLS is typically discouraged because these protocols have known vulnerabilities and are not suitable for protecting cardholder data in transit. Yet there is a narrowly defined allowance within PCI guidance for POS POI terminals that have been tested and verified as not susceptible to those known exploits. If a device can be demonstrated to be resistant to the identified vulnerabilities and is deployed with appropriate risk controls—such as strong network segmentation, restricted access, and ongoing monitoring—then using SSL/early TLS for that specific terminal can be permitted. This is why the statement is considered true: it states a conditional exception rather than a blanket rule. If a terminal cannot be shown to be not susceptible, then SSL/early TLS would not be allowed.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy