PCI QSA_New_V4 Exam - Topic 3 Question 2 Discussion

Actual exam question for PCI's QSA_New_V4 exam
Question #: 2
Topic #: 3

A retail merchant has a server room containing systems that store encrypted PAN data. The merchant has implemented a badge access-control system that identifies who entered and exited the room, on what date, and at what time. There are no video cameras located in the server room. Based on this information, which statement is true regarding PCI DSS physical security requirements?

Suggested Answer: A

Physical Security Requirements:

PCI DSS Requirement 9.1.1 mandates that physical access control systems (like badge readers) must be protected against tampering or disabling to ensure continuous security.

Current Implementation:

The merchant's badge access-control system provides essential logging of access events but must also be protected against tampering to comply with PCI DSS.

Invalid Options:

B: Video cameras are recommended but not explicitly required if access controls effectively ensure security.

C: Secure deletion of access-control logs is not a PCI DSS requirement; logs must be retained as per retention policies.

D: Motion-sensing alarms are not mandatory under PCI DSS physical security requirements.


Peggie
4 months ago
Motion-sensing alarms? Sounds like overkill to me.
upvoted 0 times
...
Thea
4 months ago
Monthly deletion of access data? That's a bit much, isn't it?
upvoted 0 times
...
Tasia
4 months ago
Wait, why do they need cameras? Seems excessive.
upvoted 0 times
...
Merissa
4 months ago
I agree, A is the right choice!
upvoted 0 times
...
Maryann
4 months ago
The badge system definitely needs protection from tampering.
upvoted 0 times
...
Shonda
5 months ago
I vaguely recall something about data retention policies, but I don't think monthly deletion of access logs is a standard requirement, so I'm not sure about C.
upvoted 0 times
...
Ula
5 months ago
I practiced a similar question about physical security requirements, and I think the focus was on ensuring that access controls are tamper-proof, which makes me lean towards A.
upvoted 0 times
...
Keith
5 months ago
I'm not entirely sure, but I feel like the requirement for video cameras might not be mandatory if there's already an access control system in place.
upvoted 0 times
...
Loren
5 months ago
I remember that the PCI DSS emphasizes the importance of protecting access control systems, so I think option A could be correct.
upvoted 0 times
...
Izetta
5 months ago
I'm not entirely sure about this one. The question is asking about the true statement, but there could be multiple correct answers depending on the specific PCI DSS requirements. I'll need to review the standards more closely to be confident in my response.
upvoted 0 times
...
Sang
5 months ago
Okay, I've got this. The badge access-control system must be protected from tampering or disabling, since it's the only physical security measure mentioned. The other options don't seem to directly address the requirements based on the information given.
upvoted 0 times
...
Brent
5 months ago
Hmm, I'm a bit confused here. The question mentions encrypted PAN data, but it's not clear if the access-control system is the only physical security measure in place. I'll need to think this through carefully.
upvoted 0 times
...
Arthur
5 months ago
This seems like a straightforward question about PCI DSS physical security requirements. I think the key is to focus on the information provided - the merchant has a badge access-control system but no video cameras.
upvoted 0 times
...
Helga
1 year ago
I'm not sure, but I think installing motion-sensing alarms could also be a good additional security measure.
upvoted 0 times
...
Wilda
1 year ago
I agree with Germaine. It makes sense to ensure the access-control system is secure to protect the encrypted PAN data.
upvoted 0 times
...
Jean
1 year ago
Motion-sensing alarms? Nah, that's just asking for trouble. The access-control system is doing its job just fine.
upvoted 0 times
Carin
1 year ago
B: I agree, adding motion-sensing alarms seems excessive.
upvoted 0 times
...
Rene
1 year ago
A: The badge access-control system must be protected from tampering or disabling.
upvoted 0 times
...
...
Tambra
1 year ago
Securely deleting the access data every month? Sounds like a lot of unnecessary work. Can't we just let it pile up?
upvoted 0 times
Wilson
12 months ago
Annelle: That's right, we need to ensure the protection of encrypted PAN data.
upvoted 0 times
...
Leonida
12 months ago
User 3: No, it's necessary to follow PCI DSS physical security requirements.
upvoted 0 times
...
Annelle
12 months ago
User 2: But wouldn't it be easier to just let it pile up?
upvoted 0 times
...
Malinda
12 months ago
User 1: It's important to securely delete the access data regularly to maintain security.
upvoted 0 times
...
...
Germaine
1 year ago
I think the answer is A) The badge access-control system must be protected from tampering or disabling.
upvoted 0 times
...
Lashandra
1 year ago
Hold up, video cameras in the server room? Isn't that a bit overkill? I mean, the access logs should be enough, right?
upvoted 0 times
...
Mattie
1 year ago
The badge access-control system definitely needs to be protected from tampering. Can't have anyone messing with that!
upvoted 0 times
Dean
1 year ago
D) The merchant must install motion-sensing alarms in addition to the existing access-control system.
upvoted 0 times
...
Noel
1 year ago
A) The badge access-control system must be protected from tampering or disabling.
upvoted 0 times
...
Jacki
1 year ago
B) The merchant must install video cameras in addition to the existing access-control system.
upvoted 0 times
...
Merrilee
1 year ago
A) The badge access-control system must be protected from tampering or disabling.
upvoted 0 times
...
...
