For wireless environments connected to the cardholder data environment, what action is required at installation?

• A. Leave wireless vendor defaults unchanged.
• B. Change only the wireless password.
• C. Change all wireless vendor defaults at installation, including keys, passwords, and SNMP strings.
• D. Replace wireless with wired connections only.

Answer: (C)

When configuring wireless devices that connect to the cardholder data environment, you must start with secure, non-default settings. Vendor defaults are widely known and easy for attackers to guess or obtain, so leaving any default in place creates an open door into the network and, potentially, the CHD. Changing just one piece, like the wireless password, leaves other critical defaults—such as encryption keys and SNMP community strings—exposed and usable for unauthorized access or remote management. There’s no requirement to abandon wireless in favor of wired, so the correct approach is to replace all vendor defaults during installation, covering keys, passwords, and SNMP strings, to establish a solid, non-default baseline from the start.