Which actions require audit trail coverage according to 10.2.2?

Study for the PCI Data Security Standard Exam. Master your knowledge with interactive flashcards and multiple-choice questions, each with hints and explanations. Prepare confidently for your certification test!

Multiple Choice

Which actions require audit trail coverage according to 10.2.2?

Explanation:
Auditing privileged activity is what 10.2.2 emphasizes. The idea is that all actions performed by anyone with root or administrative privileges must be captured by automated audit trails. These users can affect the most sensitive parts of the environment, including access to cardholder data, changes to critical settings, and commands that alter system behavior. By recording who did what, when, and from where, you can reconstruct events, hold privileged users accountable, and respond effectively to incidents.

The other options don’t provide the necessary breadth. Logging only the actions of users without privileged access misses the activities of those with elevated rights, which carry the most risk. Focusing only on login attempts by root accounts ignores the full range of privileged actions, such as data access or configuration changes. Limiting audit coverage to configuration changes captures only a portion of privileged activity and misses data access and other impactful actions.
