A web designer is currently verifying that the website data is compliant. Which of the following data types will be protected after confirming that the controls are in place?
The data type most directly associated with compliance controls for websites is credit card (payment card) data. Payment card information is regulated by strict industry security requirements (commonly aligned with PCI DSS) and is a prime example of sensitive data that must be protected through confidentiality, access controls, encryption, logging, and secure handling procedures. PCI DSS is specifically focused on securing payment card data.
CompTIA Project+ includes compliance and privacy considerations and information security concepts that impact projects, including data confidentiality and data security, as well as awareness of applicable privacy regulations and organizational compliance concerns. When a designer confirms “controls are in place,” the primary intent is that regulated/sensitive data is protected by those controls.
The distractors are less fitting: mission statements are public-facing strategic content; trademarks relate to intellectual property/branding; and site certificates are security assets used to enable encrypted communication, but they are not the same as the customer data type being protected for compliance. The question is asking which data type would be protected by compliance controls—credit card data is the clearest, most regulated choice.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit