What events must be logged for system-level objects?


Multiple Choice

What events must be logged for system-level objects?

Explanation:
Tracking changes to system-level objects by logging both creation and deletion events is essential because these events mark changes to critical components of the environment. When new system-level objects appear, such as binaries, configuration files, or key directories, the cause may be legitimate software installation or, potentially, malicious activity aiming to introduce malware. When such objects are removed or renamed, it can signal tampering, data destruction, or attempts to evade security controls. Capturing both creation and deletion provides a complete audit trail of the life cycle of important assets, supporting incident investigation, change management, and PCI DSS logging requirements.

In practice, you enable the appropriate OS or security tooling to record who performed the action, when it happened, where it occurred, and exactly which object was affected, with centralized collection for monitoring and alerting. If you logged only one side, either creation or deletion, you would miss important signals: a deleted critical file might go unnoticed, or a newly created, potentially dangerous object might not be flagged. Not logging at all does not meet PCI DSS expectations for monitoring and maintaining the integrity of system components.
