Requirement 6.4.3.1 clarifies that if live PANs are to be used in testing, the test environment must meet all applicable PCI DSS controls. Thus, testing with live PAN is only allowed if the test environment is within the CDE and fully secured.
Option A: ❌ Incorrect. Testing should not happen in production.
Option B: ❌ Incorrect. It must be within the CDE if live PAN is involved.
Option C: ✅ Correct. Live PANs can be used in pre-production environments within the CDE.
Option D: ❌ Incorrect. There’s no requirement to test only within QSA environments.
[Reference: PCI DSS v4.0.1 – Requirement 6.4.3.1 and its Applicability Note.]