Under PCI DSS, anti-virus software should be actively running and cannot be disabled or altered by users unless authorized by management for a limited time.

Multiple Choice

Under PCI DSS, anti-virus software should be actively running and cannot be disabled or altered by users unless authorized by management for a limited time.

Explanation:
Anti-virus software must be actively running and protected from tampering. PCI DSS requires that anti-virus be deployed on systems that handle cardholder data and that it remains active and unalterable by regular users, with any exceptions only permitted by management for a limited time. This captures the essential security control: the system should continuously monitor for malware and not allow end users to disable or bypass it, except for a controlled, temporary authorization.

The idea that antivirus is optional contradicts PCI DSS. While keeping logs is important for auditing, the core requirement is that the anti-virus remains active and tamper-resistant, not merely that logs exist. And while antivirus should be deployed on systems within scope, stating it must be installed on all devices oversimplifies scope and misses the emphasis on keeping the protection active and unmodified by users.
