Welcome to Pass4Success

PCI Exam QSA_New_V4 Topic 3 Question 2 Discussion

Actual exam question for PCI's QSA_New_V4 exam
Question #: 2
Topic #: 3

A retail merchant has a server room containing systems that store encrypted PAN data. The merchant has implemented a badge access-control system that identifies who entered and exited the room, on what date, and at what time. There are no video cameras located in the server room. Based on this information, which statement is true regarding PCI DSS physical security requirements?

Suggested Answer: A

Physical Security Requirements:

PCI DSS Requirement 9.1.1 mandates that physical access control systems (like badge readers) must be protected against tampering or disabling to ensure continuous security.

Current Implementation:

The merchant's badge access-control system provides essential logging of access events but must also be protected against tampering to comply with PCI DSS.

Invalid Options:

B: Video cameras are recommended but not explicitly required if access controls effectively ensure security.

C: Secure deletion of access-control logs is not a PCI DSS requirement; logs must be retained as per retention policies.

D: Motion-sensing alarms are not mandatory under PCI DSS physical security requirements.


Contribute your Thoughts:

Helga
1 month ago
I'm not sure, but I think installing motion-sensing alarms could also be a good additional security measure.
upvoted 0 times
...
Wilda
1 month ago
I agree with Germaine. It makes sense to ensure the access-control system is secure to protect the encrypted PAN data.
upvoted 0 times
...
Jean
1 month ago
Motion-sensing alarms? Nah, that's just asking for trouble. The access-control system is doing its job just fine.
upvoted 0 times
Carin
27 days ago
B: I agree, adding motion-sensing alarms seems excessive.
upvoted 0 times
...
Rene
1 month ago
A: The badge access-control system must be protected from tampering or disabling.
upvoted 0 times
...
...
Tambra
2 months ago
Securely deleting the access data every month? Sounds like a lot of unnecessary work. Can't we just let it pile up?
upvoted 0 times
Wilson
11 days ago
Annelle: That's right, we need to ensure the protection of encrypted PAN data.
upvoted 0 times
...
Leonida
12 days ago
User 3: No, it's necessary to follow PCI DSS physical security requirements.
upvoted 0 times
...
Annelle
13 days ago
User 2: But wouldn't it be easier to just let it pile up?
upvoted 0 times
...
Malinda
18 days ago
User 1: It's important to securely delete the access data regularly to maintain security.
upvoted 0 times
...
...
Germaine
2 months ago
I think the answer is A) The badge access-control system must be protected from tampering or disabling.
upvoted 0 times
...
Lashandra
2 months ago
Hold up, video cameras in the server room? Isn't that a bit overkill? I mean, the access logs should be enough, right?
upvoted 0 times
...
Mattie
2 months ago
The badge access-control system definitely needs to be protected from tampering. Can't have anyone messing with that!
upvoted 0 times
Dean
26 days ago
D) The merchant must install motion-sensing alarms in addition to the existing access-control system.
upvoted 0 times
...
Noel
29 days ago
A) The badge access-control system must be protected from tampering or disabling.
upvoted 0 times
...
Jacki
1 month ago
B) The merchant must install video cameras in addition to the existing access-control system.
upvoted 0 times
...
Merrilee
1 month ago
A) The badge access-control system must be protected from tampering or disabling.
upvoted 0 times
...
...