What should happen to a user ID when access is no longer required due to termination or role change?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the PCI Data Security Standard Test with our quiz. Use flashcards and multiple-choice questions to learn each concept. Get ready to excel in your examination!

Multiple Choice

What should happen to a user ID when access is no longer required due to termination or role change?

Explanation:
When access is no longer needed because someone has terminated or moved to a different role, the user ID should be immediately revoked or disabled. This is about removing access promptly to prevent any possibility of unauthorized entry to systems or cardholder data. Delaying deprovisioning creates a window where the former user (or someone who steals their credentials) could still access sensitive information, and it can complicate access reviews and compliance requirements. Keeping the ID active for any period, archiving it without disabling access, or reassigning the ID to someone else without updating permissions all fail to eliminate the risk or ensure appropriate access control. Immediate deactivation ensures that permissions align with the current state of employment and supports a strong, ongoing security posture.

When access is no longer needed because someone has terminated or moved to a different role, the user ID should be immediately revoked or disabled. This is about removing access promptly to prevent any possibility of unauthorized entry to systems or cardholder data. Delaying deprovisioning creates a window where the former user (or someone who steals their credentials) could still access sensitive information, and it can complicate access reviews and compliance requirements.

Keeping the ID active for any period, archiving it without disabling access, or reassigning the ID to someone else without updating permissions all fail to eliminate the risk or ensure appropriate access control. Immediate deactivation ensures that permissions align with the current state of employment and supports a strong, ongoing security posture.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy