As part of PCI DSS requirement 9.1, what should be observed about a system administrator attempting to log into consoles for randomly selected systems?

Multiple Choice

Explanation:
This item tests the protection of system consoles through physical and access controls. PCI DSS requires restricting physical access to devices in the cardholder data environment and ensuring that access to consoles is controlled and auditable. If a system administrator’s attempt to log into a console shows the console is locked, it demonstrates that someone cannot walk up and gain access without proper authentication, which helps prevent tampering and unauthorized use. It reflects a working control that safeguards the device at the point of interaction.

Leaving consoles unlocked would undermine this protection, allowing easy unauthorized access. Ignoring console login attempts during audits would hide whether controls are actually in place. Granting administrative access remotely via VPN without additional controls would bypass the required restrictions on local console access and likely miss proper authentication and logging requirements.
