312-50V13 Question #203: Real Exam Question with Answer & Explanation
The correct answer is C: Assign a unique ID to each person with computer access. Under PCI DSS, assigning a unique ID to each person with computer access is a core requirement for implementing strong access control measures, enabling individual accountability.
Question
The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective, "Implement strong access control measures"?
Options
- A. Regularly test security systems and processes.
- B. Encrypt transmission of cardholder data across open, public networks.
- C. Assign a unique ID to each person with computer access.
- D. Use and regularly update anti-virus software on all systems commonly affected by malware.
Explanation
Under PCI DSS, assigning a unique ID to each person with computer access is a core requirement for implementing strong access control measures, enabling individual accountability.
Common mistakes.
- A. Regularly testing security systems and processes falls under PCI DSS Requirement 11 (Regularly Test Security Systems and Processes), not specifically access control.
- B. Encrypting transmission of cardholder data across open, public networks is covered by PCI DSS Requirement 4 (Encrypt transmission of cardholder data), which focuses on data protection, not access control.
- D. Using and regularly updating anti-virus software is covered by PCI DSS Requirement 5 (Protect all systems from malware and regularly update anti-virus software), which relates to malware protection, not access control.
Concept tested. PCI DSS requirements and access control
Reference. https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf