Which account-related activities should be logged to track changes in authentication and privileges?

Multiple Choice

Which account-related activities should be logged to track changes in authentication and privileges?

Explanation:
Tracking changes in authentication and privileges relies on recording account lifecycle events and any adjustments to access rights. Creating a new account introduces a new user with potential access to systems and data, so noting when this happens is essential. Elevation of privileges shows who gains higher levels of access, which can dramatically change what a user can do. Changes to root or admin accounts are especially sensitive because those accounts control critical systems and data; logging those alterations helps detect unauthorized or risky activity and supports forensic investigations.

PCI DSS requires automated audit trails that can reconstruct events related to user access and permissions, including who did what, when, and to which resource. The combination of creation of new accounts, privilege elevation, and changes to high-privilege accounts provides a complete picture of authorization changes, enabling effective monitoring and incident response.

Password resets are important for authentication but don’t necessarily reveal changes in who has access or what level of access they hold. Account lockouts and logout events capture authentication activity but not alterations to account provisioning or privileges. Therefore, the most comprehensive and relevant logging for tracking changes in authentication and privileges is the creation of new accounts, elevation of privileges, and changes to root or admin accounts.
