When time settings on critical systems are changed, what process is required?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Boost your readiness for the PCI DSS Requirements Exam with engaging flashcards and comprehensive multiple choice questions. Each comes with hints and explanations to maximize your understanding!

Multiple Choice

When time settings on critical systems are changed, what process is required?

Explanation:
When critical system parameters are changed, it’s essential to follow a formal change-management process. Time settings are especially sensitive because accurate timestamps are the backbone of all log data, security events, and incident response. If time is altered, logs from different systems may no longer line up, making it hard to trace what happened or to detect tampering. That’s why the change should be captured in an audit trail (logging), continuously watched for any unexpected activity (monitoring), and reviewed by the appropriate authority to confirm it was authorized, properly implemented, and aligned with policy (review). Logging alone doesn’t guarantee control or visibility—without monitoring you might miss unauthorized changes, and without a formal review, changes could bypass approval or validation. Approving by the system owner alone ignores the operational governance and oversight that keeps changes consistent with policies and other controls. Documenting in a separate log only isolates the record from the broader change-control process and without ongoing monitoring and review it lacks accountability.

When critical system parameters are changed, it’s essential to follow a formal change-management process. Time settings are especially sensitive because accurate timestamps are the backbone of all log data, security events, and incident response. If time is altered, logs from different systems may no longer line up, making it hard to trace what happened or to detect tampering. That’s why the change should be captured in an audit trail (logging), continuously watched for any unexpected activity (monitoring), and reviewed by the appropriate authority to confirm it was authorized, properly implemented, and aligned with policy (review).

Logging alone doesn’t guarantee control or visibility—without monitoring you might miss unauthorized changes, and without a formal review, changes could bypass approval or validation. Approving by the system owner alone ignores the operational governance and oversight that keeps changes consistent with policies and other controls. Documenting in a separate log only isolates the record from the broader change-control process and without ongoing monitoring and review it lacks accountability.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy