What documentation is required for all services, protocols, and ports allowed?


Multiple Choice

What documentation is required for all services, protocols, and ports allowed?

Explanation:
The main idea here is that every service, protocol, and port that is allowed on the network must have documented justification and concrete security measures. By requiring documentation and a business rationale for each allowed item, you establish clear governance over what can run on the network, why it’s needed, and how it’s protected. This also makes it easier to review and audit changes, enforce least privilege, and ensure that even when insecure protocols are used, there are explicit mitigations in place (for example, encryption or strong authentication) and that those mitigations are documented.

That’s why this option is the best fit: it goes beyond simply listing assets or planning for outages and demands a traceable record of why each service, protocol, and port is allowed, including how insecure protocols are secured. The other options don’t address this documentation and justification requirement. An inventory of hardware assets helps with asset management but not with controlling allowed network services; a disaster recovery plan focuses on continuity and data recovery; a general security policy is broad and does not specify justification for each service or port.
