Which of the following meets PCI DSS requirements for configuration of a perimeter firewall?


The correct answer applies the principle of least privilege to the network perimeter, in line with PCI DSS requirements: only traffic that has been specifically permitted may pass through the firewall, and all other traffic is denied by default.

A final rule at the end of the rule set that denies any traffic not explicitly permitted ensures that only authorized communications can occur. This configuration minimizes the risk of unauthorized access and aligns with the PCI DSS objective of protecting cardholder data by controlling network access.

In contrast, a rule that permits any traffic not explicitly denied can inadvertently allow harmful or unauthorized traffic, which is a significant security risk. Denying protocols that legitimate operations depend on, or granting unrestricted access to critical systems, would also create weaknesses, since either could expose sensitive systems to threats from the internet or other untrusted networks. An explicit deny-all rule at the end of the rule set therefore mitigates these risks and meets PCI DSS requirements for firewall configuration.
