Which action satisfies requirement 9.8.2 for electronic media?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the PCI Data Security Standard Test with our quiz. Use flashcards and multiple-choice questions to learn each concept. Get ready to excel in your examination!

Multiple Choice

Which action satisfies requirement 9.8.2 for electronic media?

Explanation:
The action tested is sanitizing electronic media that stores cardholder data so that the data cannot be recovered. Requirement 9.8.2 specifies that when electronic media containing cardholder data is no longer needed or is being repurposed or disposed of, the data must be rendered unrecoverable. This means using methods like physical destruction (crushing, shredding), degaussing for magnetic media, or cryptographic erasure (destroying the encryption keys so the data cannot be decrypted). Relying on encryption alone isn’t enough for disposal, because if the media is discarded with the keys available or if the keys aren’t destroyed, the data could still be recovered. Deleting a file without overwriting leaves residual data that can often be recovered, and archiving indefinitely keeps the data accessible rather than making it unrecoverable. So the best-fit action is to render the data unrecoverable on the electronic media.

The action tested is sanitizing electronic media that stores cardholder data so that the data cannot be recovered. Requirement 9.8.2 specifies that when electronic media containing cardholder data is no longer needed or is being repurposed or disposed of, the data must be rendered unrecoverable. This means using methods like physical destruction (crushing, shredding), degaussing for magnetic media, or cryptographic erasure (destroying the encryption keys so the data cannot be decrypted). Relying on encryption alone isn’t enough for disposal, because if the media is discarded with the keys available or if the keys aren’t destroyed, the data could still be recovered. Deleting a file without overwriting leaves residual data that can often be recovered, and archiving indefinitely keeps the data accessible rather than making it unrecoverable. So the best-fit action is to render the data unrecoverable on the electronic media.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy