Under A.1.2, which statement correctly describes how application processes should run?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the PCI DSS Test with detailed questions and explanations. Use flashcards and quizzes to enhance knowledge. Ensure you're ready for your certification exam!

Multiple Choice

Under A.1.2, which statement correctly describes how application processes should run?

Explanation:
The main idea here is applying the principle of least privilege to application processes. Each process should run with only the minimum permissions it needs, not as a high-privilege account. Running under a non-privileged user ID limits what the process can access or modify, so if the process is compromised, the attacker gains far less potential damage and the system remains better contained. Running as root would defeat this protection—root has full control over the system, so a compromised process could access sensitive data, alter configurations, and affect other users. Sharing files between entities or allowing any entity to view logs also breaks isolation and confidentiality, increasing the risk of unauthorized access or data leakage. Therefore, the correct approach is that application processes run using the entity’s own non-privileged user ID, aligning with the goal of minimizing privileges and preserving isolation.

The main idea here is applying the principle of least privilege to application processes. Each process should run with only the minimum permissions it needs, not as a high-privilege account. Running under a non-privileged user ID limits what the process can access or modify, so if the process is compromised, the attacker gains far less potential damage and the system remains better contained.

Running as root would defeat this protection—root has full control over the system, so a compromised process could access sensitive data, alter configurations, and affect other users. Sharing files between entities or allowing any entity to view logs also breaks isolation and confidentiality, increasing the risk of unauthorized access or data leakage.

Therefore, the correct approach is that application processes run using the entity’s own non-privileged user ID, aligning with the goal of minimizing privileges and preserving isolation.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy