Which statement best describes Requirement 3.6.2 for cryptographic keys?

Multiple Choice

Which statement best describes Requirement 3.6.2 for cryptographic keys?

Explanation:
Key distribution practices are about moving cryptographic keys in a way that keeps them confidential and delivers them only to authorized recipients. If keys are shared carelessly, the encryption that protects cardholder data stops being effective because anyone who gets the keys can decrypt the data. Therefore, keys must be distributed over authenticated, encrypted channels and through a trusted key-management process (often using an HSM or a secure key-management system), with strict access controls, proper authorization, and auditable logs.

The other options fail for simple reasons: putting keys in a version-control system with broad access means many people can reach them; distributing keys via email can expose them to interception or misdelivery; printing keys and posting them on a wall makes them physically accessible to anyone who sees them. All of these violate secure key distribution and create opportunities for unauthorized access.