A financial-services firm is deploying new Windows 11 workstations that will locally store customers' personally identifiable information (PII). Government and industry regulations such as PCI DSS require that customer data remain unreadable if a workstation is lost or stolen. Which of the following actions BEST satisfies this regulatory requirement?
Disable or remove Windows services that are not required for daily operation.
Enable full-disk encryption (e.g., BitLocker) on the workstation.
Have technicians wear an antistatic wrist strap when servicing the PC.
Configure a complex password policy that forces 12-character passwords.
Full-disk encryption (for example, BitLocker) renders all data on the drive unreadable without the decryption key, directly meeting PCI DSS Requirement 3.4, which states that stored sensitive data must be unreadable.
Disabling unused services (PCI DSS 2.2.4) and enforcing complex passwords (PCI DSS 8.2.3, HIPAA §164.308(a)(5)(ii)(D)) are important compliance controls, but by themselves they do not guarantee that data is unreadable if the device is lost. Wearing an antistatic wrist strap is a hardware-safety precaution and is unrelated to data-protection regulations.