PCI Exam QSA_New_V4 Topic 3 Question 2 Discussion

Actual exam question for PCI's QSA_New_V4 exam
Question #: 2
Topic #: 3

A retail merchant has a server room containing systems that store encrypted PAN data. The merchant has implemented a badge access-control system that identifies who entered and exited the room, on what date, and at what time. There are no video cameras located in the server room. Based on this information, which statement is true regarding PCI DSS physical security requirements?

Suggested Answer: A

Physical Security Requirements:

PCI DSS Requirement 9.1.1 mandates that physical access control systems (like badge readers) must be protected against tampering or disabling to ensure continuous security.

Current Implementation:

The merchant's badge access-control system provides essential logging of access events but must also be protected against tampering to comply with PCI DSS.

Invalid Options:

B: Video cameras are recommended but not explicitly required if access controls effectively ensure security.

C: Secure deletion of access-control logs is not a PCI DSS requirement; logs must be retained as per retention policies.

D: Motion-sensing alarms are not mandatory under PCI DSS physical security requirements.


Contribute your Thoughts:

Helga
21 days ago
I'm not sure, but I think installing motion-sensing alarms could also be a good additional security measure.
upvoted 0 times
...
Wilda
22 days ago
I agree with Germaine. It makes sense to ensure the access-control system is secure to protect the encrypted PAN data.
upvoted 0 times
...
Jean
23 days ago
Motion-sensing alarms? Nah, that's just asking for trouble. The access-control system is doing its job just fine.
upvoted 0 times
Carin
7 days ago
B: I agree, adding motion-sensing alarms seems excessive.
upvoted 0 times
...
Rene
14 days ago
A: The badge access-control system must be protected from tampering or disabling.
upvoted 0 times
...
...
Tambra
30 days ago
Securely deleting the access data every month? Sounds like a lot of unnecessary work. Can't we just let it pile up?
upvoted 0 times
...
Germaine
1 month ago
I think the answer is A) The badge access-control system must be protected from tampering or disabling.
upvoted 0 times
...
Lashandra
1 month ago
Hold up, video cameras in the server room? Isn't that a bit overkill? I mean, the access logs should be enough, right?
upvoted 0 times
...
Mattie
1 month ago
The badge access-control system definitely needs to be protected from tampering. Can't have anyone messing with that!
upvoted 0 times
Dean
6 days ago
D) The merchant must install motion-sensing alarms in addition to the existing access-control system.
upvoted 0 times
...
Noel
9 days ago
A) The badge access-control system must be protected from tampering or disabling.
upvoted 0 times
...
Jacki
10 days ago
B) The merchant must install video cameras in addition to the existing access-control system.
upvoted 0 times
...
Merrilee
15 days ago
A) The badge access-control system must be protected from tampering or disabling.
upvoted 0 times
...
...
