Which PCI DSS requirement restricts physical access to cardholder data?

Multiple Choice

Explanation:
Controlling physical access to cardholder data is about making sure that only authorized people can reach the hardware, storage media, and facilities where cardholder data is stored or processed. This is the explicit physical-security control in PCI DSS, covering things like securing data centers and server rooms, managing access lists, using visitor logs, and properly handling or disposing of media containing CHD. It’s the right choice because it directly targets the physical barriers and procedures that prevent someone from tampering with or stealing data by physically reaching the devices.

The other items focus on different areas: monitoring and logging who accesses network resources and CHD, protecting data as it moves across networks (encryption in transit), and having a broad information-security policy for all personnel. While all are important, they don’t specifically address restricting physical access to cardholder data.
