Which sub-requirement concerns administering user accounts, including additions, deletions, and modifications?

Multiple Choice

Which sub-requirement concerns administering user accounts, including additions, deletions, and modifications?

Explanation:
Administering user accounts means provisioning and managing the entire lifecycle of access: creating accounts for new users, updating permissions as roles change, and removing or disabling accounts when access is no longer needed. The sub-requirement that directly covers this practice specifies the need to administer user accounts, including additions, deletions, and modifications. Having a formal process for this ensures that only authorized individuals have access to cardholder data, and that access is promptly adjusted or removed as needed, which supports least privilege and auditability.

Neighboring sub-requirements address other aspects of access control, such as how authentication credentials are managed or how sessions are controlled or terminated. Those are important for overall security but do not address the provisioning and deprovisioning of user accounts themselves.
