What is not a PCI compliance recommendation?
A.
Limit access to card holder data to as few individuals as possible.
B.
Use encryption to protect all transmission of card holder data over any public network.
C.
Rotate employees handling credit card transactions on a yearly basis to different departments.
D.
Use a firewall between the public network and the payment card data.
correct answer is C.
see the 12 requiremements for PCI-DSS here: http://searchsecurity.techtarget.com/definition/PCI-DSS-12-requirements