What is the maximum idle session time before re-authentication is required?

Prepare for the PCI DSS Test with detailed questions and explanations. Use flashcards and quizzes to enhance knowledge. Ensure you're ready for your certification exam!

Multiple Choice

What is the maximum idle session time before re-authentication is required?

Explanation:
Idle session timeouts protect cardholder data by ensuring a session is not left open if someone steps away. PCI DSS requires that systems automatically require re-authentication after a short period of inactivity, to prevent unauthorized access from an unattended workstation. The maximum allowed idle time is 15 minutes or less, which strikes a balance between usability and security. Longer timeouts, such as 30 or 60 minutes, would exceed the recommended limit and raise the risk of session hijacking. A 5-minute timeout is stricter than necessary for the maximum, so it doesn’t reflect the allowed upper bound.