12.3.10 prohibits copying, moving, and storing CHD onto local drives and removable media unless explicitly authorized for a defined business need.

Multiple Choice

12.3.10 prohibits copying, moving, and storing CHD onto local drives and removable media unless explicitly authorized for a defined business need.

Explanation:
The main idea being tested is that cardholder data should not be stored on local drives or removable media unless there is a clearly documented business need and explicit authorization. This reduces the risk of CHD exposure if a device is lost, stolen, or misused, since endpoint storage is more vulnerable and harder to monitor.

The best answer captures the full restriction: copying, moving, and storing CHD onto local drives and removable media are prohibited unless there is explicit authorization for a defined business need. It covers all the ways CHD could end up on those media (copying, moving, storing) and the condition under which it’s allowed (explicit authorization tied to a defined business need), which is exactly what the rule intends.

Why the others aren’t correct: one option is too narrow, mentioning only copying onto local drives and omitting moving or storing. Another option suggests storing CHD on personal devices, which is not permitted. The last option implies backing up by copying to local drives, which would violate the prohibition.
