Which statement aligns with protecting cardholder data under PCI compliance?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

Which statement aligns with protecting cardholder data under PCI compliance?

Explanation:
Safeguarding cardholder data requires protecting it both when it’s stored and when it’s transmitted over networks. PCI DSS emphasizes both aspects: data at rest must be protected so unauthorized users can’t access stored PANs or other sensitive data, and data in transit across open, public networks must be encrypted to prevent interception.

The best statement aligns with this dual protection: protect stored cardholder data and encrypt transmission of cardholder data across public networks. That combination addresses the two core risk areas PCI DSS targets—data at rest and data in transit—by promoting strong encryption for data in motion and robust safeguards for data at rest, such as encryption, tokenization, masking, and strict access controls.

The other options fall short because they cover only one side of the protection. Encrypting data in transit without protecting stored data leaves data vulnerable if it’s accessed from storage. Conversely, protecting stored data without encrypting in transit leaves data exposed as it moves across networks. Disabling encryption directly contradicts PCI requirements and increases risk.
