Which statement best describes requirement 9.7.1 regarding media inventories?

Study for the PCI Data Security Standard Exam. Master your knowledge with interactive flashcards and multiple-choice questions, each with hints and explanations. Prepare confidently for your certification test!

Multiple Choice

Which statement best describes requirement 9.7.1 regarding media inventories?

Explanation:
This requirement focuses on knowing where every piece of media that could hold cardholder data is, and making sure you verify it regularly. Keeping an inventory log creates a current list of all media—backup tapes, USB drives, external hard drives, laptops, and other devices that might store CHD—and records who owns each item and where it’s stored. Conducting media inventories at least annually adds a verification step: you physically check that the log matches what exists, helping to catch missing, misplaced, or decommissioned media and ensuring proper handling or disposal.

The best option combines both elements: maintain the inventory log and perform annual inventories. The other statements don’t meet the requirement because merely keeping logs doesn’t include a formal verification step, monthly inventories aren’t the stated minimum, and saying inventories are optional contradicts the need for accountability and verification.
