Which practice is recommended when dealing with devices during maintenance?

Prepare for the PCI Data Security Standard Test with our quiz.

Multiple Choice

Which practice is recommended when dealing with devices during maintenance?

Explanation:
During maintenance, any installation, replacement, or return of devices must be verified. This verification is a key part of change-control and tamper-resistance: it ensures the device is authorized, authentic, and has not been tampered with, and that proper records and approvals are in place before proceeding.

Verifying before making changes protects the cardholder data environment from the introduction of untrusted hardware, rogue firmware, or tampered components. It also provides traceability: you know exactly what was changed and by whom, and that the change complies with security policies.

Options that skip verification or impose unnecessary delays undermine security: installing on request without validation can bring in unknown or compromised devices; returning equipment to a vendor without checking it first risks counterfeit or tampered units; waiting a full day for approval slows maintenance without guaranteeing safer outcomes. The right practice is to confirm authorization and integrity before any installation, replacement, or return.
