When you test an application that requires PCI compliance, which three methodologies
should be considered? (Choose three.)

A.
a firewall as part of the topology

B.
two-factor authentication for administrators

C.
mandatory TLS pinning

D.
data loss prevention controls

E.
default system passwords and AAA configuration

F.
in-flight data encryption

Explanation: