
Answer-first summary for fast verification
Answer: Move the cardholder data environment into a separate GCP project.
The correct answer is C. A GCP project is the unit at which IAM, VPC networking, service enablement, and audit logging are scoped, so it is the natural isolation boundary for a cardholder data environment (CDE). Moving the payment processing systems into their own project separates them from the web applications and data processing systems that share the current project, so only the CDE project and whatever still connects to it remain in scope for the PCI DSS audit. Google's PCI DSS compliance documentation and its VPC design guidance both recommend project-level separation for security and compliance boundaries, and the community discussion was unanimous in favor of C. One caveat a practitioner should keep in mind: the scope reduction only holds if the segmentation is real and verified. Shared VPC attachments, VPC peering, or service accounts granted cross-project access to the CDE would pull those systems back into scope, and PCI DSS expects segmentation controls to be tested. The other options do not address scope: A (MFA for admin access) strengthens access control but leaves every system in the project in scope; B (PA-DSS) certified payment applications, a program that has since been retired in favor of the PCI Software Security Framework, and in any case says nothing about which infrastructure is in scope; D (VPN between office and cloud) protects connectivity but does nothing about PCI and non-PCI systems sharing one project.
Author: LeetQuiz Editorial Team
You are a security team member at an organization that uses a single GCP project. This project contains credit card payment processing systems, web applications, and data processing systems. Your goal is to reduce the number of systems that are subject to PCI DSS audit requirements. What should you do?
A
Use multi-factor authentication for admin access to the web application.
B
Use only applications certified compliant with PA-DSS.
C
Move the cardholder data environment into a separate GCP project.
D
Use VPN for all connections between your office and cloud environments.
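The separation that answer C describes can be expressed as infrastructure code. The Terraform fragment below is an added example, not code from LeetQuiz or from Google's documentation: it puts the CDE in its own folder and project, gives it a VPC with no automatic subnets and full flow logging, applies a stricter organization policy at the folder level, and limits project ownership to one group. The organization ID, billing account, project ID, region, CIDR range, and group address are placeholders chosen for the example.

```hcl
# Added example: a dedicated CDE project as the PCI DSS scope boundary.
# All identifiers below are placeholders, not values from the original page.

variable "org_id"          { default = "123456789012" }          # placeholder
variable "billing_account" { default = "000000-AAAAAA-BBBBBB" }  # placeholder
variable "cde_project_id"  { default = "acme-pci-cde-prod" }     # placeholder

# A folder of its own lets policies apply to the CDE and nothing else.
resource "google_folder" "pci" {
  display_name = "pci-cde"
  parent       = "organizations/${var.org_id}"
}

# The project is the boundary for IAM, networking, services, and audit logs.
resource "google_project" "cde" {
  name            = "pci-cde"
  project_id      = var.cde_project_id
  folder_id       = google_folder.pci.name   # "folders/<id>"
  billing_account = var.billing_account
}

resource "google_project_service" "compute" {
  project = google_project.cde.project_id
  service = "compute.googleapis.com"
}

# No auto-created subnets: every network path into the CDE is explicit.
resource "google_compute_network" "cde" {
  project                 = google_project.cde.project_id
  name                    = "cde-vpc"
  auto_create_subnetworks = false
  depends_on              = [google_project_service.compute]
}

# Flow logs on the CDE subnet give the evidence an assessor asks for
# when verifying that segmentation actually holds.
resource "google_compute_subnetwork" "cde" {
  project                  = google_project.cde.project_id
  name                     = "cde-subnet"
  region                   = "us-central1"          # placeholder
  network                  = google_compute_network.cde.id
  ip_cidr_range            = "10.50.0.0/24"         # placeholder
  private_ip_google_access = true

  log_config {
    aggregation_interval = "INTERVAL_5_SEC"
    flow_sampling        = 1.0
    metadata             = "INCLUDE_ALL_METADATA"
  }
}

# Folder-scoped policy: no public IPs on CDE VMs, without affecting the
# web and data-processing project that stays outside this folder.
resource "google_folder_organization_policy" "no_external_ip" {
  folder     = google_folder.pci.name
  constraint = "compute.vmExternalIpAccess"

  list_policy {
    deny {
      all = true
    }
  }
}

# Ownership restricted to a single group; no cross-project service
# accounts are granted here, which is what keeps the other workloads
# out of scope.
resource "google_project_iam_binding" "cde_owners" {
  project = google_project.cde.project_id
  role    = "roles/owner"
  members = ["group:pci-admins@example.com"]       # placeholder
}
```

What this does not do is equally important for scope: it creates no Shared VPC attachment and no VPC peering to the existing project, and it grants no role in the CDE project to principals from that project. Adding any of those would reconnect the workloads and widen the audit boundary again.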