Which access must be protected with multi-factor authentication?

Multiple Choice

Explanation:
Protecting access to the cardholder data environment is about ensuring privileged and remote paths into critical systems require more than just a password. The requirement is that non-console administrative access and all remote access to the cardholder data environment must use multi-factor authentication. This means whenever an administrator logs into systems over the network (non-console) or connects remotely (VPN, SSH, RDP, etc.), an additional authentication factor is needed beyond a password. This significantly reduces the risk that an attacker who compromises credentials can reach sensitive cardholder data.

Non-console administrative access refers to login over a network rather than sitting at a physical console, and remote access covers any outside connection into those systems. Requiring MFA for these access paths focuses protections on the most sensitive entry points for the cardholder data environment. The other options either apply MFA too broadly to all user accounts, make it optional for admins, or limit it to vendor access, none of which aligns with the PCI DSS emphasis on securing admin and remote access to the CDE with MFA.
