Which PCI DSS control specifies the addition, deletion, and modification of user IDs, credentials, and other identifier objects?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the PCI Data Security Standard Test with our quiz. Use flashcards and multiple-choice questions to learn each concept. Get ready to excel in your examination!

Multiple Choice

Which PCI DSS control specifies the addition, deletion, and modification of user IDs, credentials, and other identifier objects?

Explanation:
The main idea tested here is how PCI DSS handles the lifecycle of user identities and their authentication credentials—adding new users, updating existing ones, and removing accounts when they’re no longer needed. This provisioning and deprovisioning process is crucial to ensure that only the right people have access to system components, and that access rights stay in sync with each person’s current role or status. PCI DSS requires a formal, documented process for creating, modifying, and deleting user IDs and credentials, so access is granted, changed, or revoked in a controlled way. This prevents orphaned accounts or credentials from lingering after an employee leaves or changes roles, and it keeps authentication controls aligned with policy. The option that matches this focus on identity lifecycle management is the one that specifies how user IDs, credentials, and other identifier objects are added, deleted, and modified. The other options address related aspects of access control or termination, but they don’t express the comprehensive lifecycle management of identifiers in the same way.

The main idea tested here is how PCI DSS handles the lifecycle of user identities and their authentication credentials—adding new users, updating existing ones, and removing accounts when they’re no longer needed. This provisioning and deprovisioning process is crucial to ensure that only the right people have access to system components, and that access rights stay in sync with each person’s current role or status.

PCI DSS requires a formal, documented process for creating, modifying, and deleting user IDs and credentials, so access is granted, changed, or revoked in a controlled way. This prevents orphaned accounts or credentials from lingering after an employee leaves or changes roles, and it keeps authentication controls aligned with policy.

The option that matches this focus on identity lifecycle management is the one that specifies how user IDs, credentials, and other identifier objects are added, deleted, and modified. The other options address related aspects of access control or termination, but they don’t express the comprehensive lifecycle management of identifiers in the same way.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy