During testing of Req 2.3, what should you verify about admin login?


Multiple Choice

During testing of Req 2.3, what should you verify about admin login?

Explanation:
The key idea is protecting admin credentials as they travel over the network. For admin login, you must ensure a strong, encrypted channel is established before any password is sent. This means the login occurs over a secure protocol (like TLS/HTTPS or SSH) with strong cryptography, so the password isn’t exposed in transit. If credentials could be sent over an unencrypted channel, or if insecure remote-login methods are allowed, or if encryption isn’t required at all, the requirement isn’t being met. By validating that encryption is in place before the password request, you confirm the admin login process protects sensitive credentials from interception.

