Which statement best describes the purpose of audit trails under PCI DS?

• A. They must link each access to a system component to an individual user.
• B. They are optional if the system handles low volumes.
• C. They only log denied accesses.
• D. They are used only for compliance reviews.

Answer: (A)

Audit trails establish accountability by linking every action on a system component to the person who performed it. In PCI DSS, this capability is essential for security monitoring and incident response: you can reconstruct who did what, when, and from where, and verify that access controls are being followed. That’s why the statement describing the purpose as tying each access to a system component to an individual user is the best fit. This applies regardless of traffic volume and covers both successful and failed actions, not just denials. Audit trails are not just for compliance checks; they enable ongoing security analysis, investigations, and nonrepudiation by providing a complete history of activity.