When you test an application that requires PCI compliance, which three methodologies
should be considered? (Choose three.)
A.
a firewall as part of the topology
B.
two-factor authentication for administrators
C.
mandatory TLS pinning
D.
data loss prevention controls
E.
default system passwords and AAA configuration
F.
in-flight data encryption
Explanation: