PCI DSS Requirement 7: Restrict Access Based on Least Privilege and Business Need to Know
Restrict Access to System Components and Cardholder Data by Business Need to Know
PCI DSS Requirement 7
PCI DSS Requirement 7 Short Quiz
The Least Privilege principle means giving any user account or process only those privileges that are essential to perform its intended functions.
True
False
Least Privilege does nothing to protect cardholder data from malicious behavior.
True
False
Select the types of access control models
Mandatory Access Control
All Access Control
Role-Based Access Control
Discretionary Access Control
Rule-Based Access Control
Which access control model is the least restrictive?
Mandatory access control
Role-based access control
Rule-based access control
Discretionary access control
User access, including privileged user access, does not need to be approved.
True
False
Fill in the blank
Access is based on _____ to perform job responsibilities.
Beginning March 31, 2025, user accounts must be reviewed at least once every _____
12 months
3 months
6 months
month
What's a targeted risk analysis?
Who can directly access or query repositories of stored CHD?
Anyone
No one
Billing and finance personnel
Only the responsible administrator
The access control system must be set to permit all by default
True
False