A data analyst at an e-commerce company is tasked with analyzing customer transaction data stored in a database. The dataset contains the customer's full name, shipping address, and the complete, unencrypted 16-digit Primary Account Number (PAN). To adhere to the Payment Card Industry Data Security Standard (PCI DSS), which of the following is the most critical measure to apply to the PAN data at rest?
Ensure the data is sent from the database to the analyst's tool over an encrypted channel.
Render the PAN unreadable using an approved method like truncation, tokenization, or encryption.
Implement role-based access control to limit who can query the transaction table.
Anonymize the customer name and shipping address fields in the table.
The correct answer is to render the PAN unreadable using an approved method like truncation, tokenization, or encryption. PCI DSS Requirement 3 governs protection of stored account data, and Requirement 3.4 (renumbered 3.5.1 in PCI DSS v4.0) states that the PAN must be rendered unreadable anywhere it is stored, including databases, backups, logs, and analyst exports. The acceptable methods are one-way hashing of the entire PAN (v4.0 requires the hash to be keyed, since an unkeyed hash of a 16-digit number with a known BIN can be brute-forced), truncation (storing only a segment of the PAN, such as the first six and last four digits, with the removed digits discarded rather than masked), tokenization (replacing the PAN with a random, non-sensitive surrogate whose mapping is held only in a separately secured vault), and strong cryptography with proper key management. The standard also warns that if both a truncated and a hashed version of the same PAN are kept, additional controls are needed so the two cannot be combined to reconstruct the original. For an analytics use case, truncation or tokenization is usually the right choice, because the analyst rarely needs the full PAN at all.
Implementing role-based access control is a necessary part of PCI DSS (Requirement 7), but it is not sufficient on its own. If the data itself is stored in plaintext, any path around the access control, such as compromised credentials of an authorized user, SQL injection, or an exposed backup or database dump, still yields the full PANs.
Encrypting data in transit (Requirement 4) is also a key part of PCI DSS, but it does not address the risk of the data being stored insecurely at rest in the database.
Anonymizing other personally identifiable information like the name and address is a good general data privacy practice but does not address the specific and primary PCI DSS requirement to protect the PAN itself.
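The following is an added example, not part of the original question page, showing the three storage-side techniques the explanation names: truncation (first six and last four kept, the rest discarded), tokenization via a hypothetical in-memory vault, and a keyed one-way hash (HMAC-SHA256). It also demonstrates the caveat from the explanation: an unkeyed SHA-256 of the PAN stored next to its truncated form is not "unreadable", because only the six discarded digits are unknown. The sample PAN is a widely published test card number, the HMAC key is a made-up constant, and the `TokenVault` class is an illustration of the concept rather than any vendor's API.

```python
import hashlib
import hmac
import secrets
from itertools import product

# Constructed sample input: a published test card number, not a real account.
SAMPLE_PAN = "4111111111111111"
# Hypothetical HMAC key. In production this lives in an HSM or key management service.
SAMPLE_KEY = bytes.fromhex("9f1c6a4be2d7c03355ab8e1d7702f1a0c4b9e6d1a2f3c4b5d6e7f8091a2b3c4d")


def luhn_valid(pan: str) -> bool:
    """Luhn checksum, used only to confirm the input is shaped like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """Keep the first six (BIN) and last four digits; the middle six are discarded.
    The X characters are placeholders for removed digits, not a mask over stored ones."""
    if not (pan.isdigit() and len(pan) == 16 and luhn_valid(pan)):
        raise ValueError("expected a valid 16-digit PAN")
    return pan[:6] + "X" * 6 + pan[-4:]


def keyed_hash_pan(pan: str, key: bytes) -> str:
    """Keyed one-way hash. Without the key, knowing BIN and last four does not help."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def unkeyed_hash_pan(pan: str) -> str:
    """Plain SHA-256 of the PAN: the weak choice shown here only to demonstrate the risk."""
    return hashlib.sha256(pan.encode()).hexdigest()


def recover_from_unkeyed_hash(truncated: str, digest: str):
    """Why truncated value + unkeyed hash is not unreadable: at most 10**6 guesses."""
    prefix, suffix = truncated[:6], truncated[-4:]
    for middle in product("0123456789", repeat=6):
        candidate = prefix + "".join(middle) + suffix
        if hashlib.sha256(candidate.encode()).hexdigest() == digest:
            return candidate
    return None


class TokenVault:
    """Toy in-memory tokenization vault (hypothetical). Tokens are random and carry no
    information about the PAN; only this component holds the mapping and stays in scope."""

    def __init__(self):
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("not a valid PAN")
        if pan in self._pan_to_token:          # same PAN always maps to the same token
            return self._pan_to_token[pan]
        while True:
            token = "tok_" + secrets.token_hex(12)
            if token not in self._token_to_pan:
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._token_to_pan[token]


def analyst_row(pan: str, vault: TokenVault, key: bytes) -> dict:
    """What the analytics table should hold instead of the plaintext PAN."""
    return {
        "pan_truncated": truncate_pan(pan),
        "pan_token": vault.tokenize(pan),
        "pan_hmac": keyed_hash_pan(pan, key),
    }
```

Note that `analyst_row` keeps both a truncated value and a keyed hash; that is acceptable only because the hash is keyed. Swap in `unkeyed_hash_pan` and `recover_from_unkeyed_hash` rebuilds the PAN from the two columns in well under a second, which is exactly the combination the standard warns about.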
CompTIA Data+ DA0-002 (V2)
Data Governance