Which of the following is included in 10.2.5 regarding account management?

Multiple Choice

Which of the following is included in 10.2.5 regarding account management?

Explanation:
Account management events are a key part of auditing access to systems. PCI DSS requires automated audit trails that capture actions that change who has access and at what level, especially for high-privilege accounts. This means logging when new accounts are created, when privileges are elevated, and when changes are made to root or administrative accounts. Tracking these actions provides accountability and helps detect inappropriate provisioning or privilege abuse.

The other options are too narrow. Password resets alone, changes to user roles without account creation, or administrator login attempts alone do not cover the actions that actually grant, remove, or raise access, and capturing those actions is essential for proving that access is properly controlled and monitored.
