nerdexam
EC-Council

312-50V13 · Question #203

The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to

The correct answer is C. Assign a unique ID to each person with computer access.. Under PCI DSS, assigning a unique ID to each person with computer access is a core requirement for implementing strong access control measures, enabling individual accountability.

Submitted by jaden.t· Mar 6, 2026Introduction to Ethical Hacking

Question

The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective, "Implement strong access control measures"?

Options

  • ARegularly test security systems and processes.
  • BEncrypt transmission of cardholder data across open, public networks.
  • CAssign a unique ID to each person with computer access.
  • DUse and regularly update anti-virus software on all systems commonly affected by malware.

How the community answered

(58 responses)
  • B
    3% (2)
  • C
    95% (55)
  • D
    2% (1)

Why each option

Under PCI DSS, assigning a unique ID to each person with computer access is a core requirement for implementing strong access control measures, enabling individual accountability.

ARegularly test security systems and processes.

Regularly testing security systems and processes falls under PCI DSS Requirement 11 (Regularly Test Security Systems and Processes), not specifically access control.

BEncrypt transmission of cardholder data across open, public networks.

Encrypting transmission of cardholder data across open, public networks is covered by PCI DSS Requirement 4 (Encrypt transmission of cardholder data), which focuses on data protection, not access control.

CAssign a unique ID to each person with computer access.Correct

Assigning a unique ID to each person with computer access is a fundamental principle of strong access control, as it enables individual accountability for actions performed on systems and allows for precise management of permissions, directly fulfilling a key aspect of the 'Implement strong access control measures' objective in PCI DSS.

DUse and regularly update anti-virus software on all systems commonly affected by malware.

Using and regularly updating anti-virus software is a PCI DSS Requirement 5 (Protect all systems from malware and regularly update anti-virus software), related to malware protection, not access control.

Concept tested: PCI DSS requirements and access control

Source: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf

Topics

#PCI DSS#access control#unique user IDs#compliance

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice