PCI DSS QSA Practice Test 2025 – Complete Exam Prep

The correct choice pertaining to implementing strong access control measures is Goal 4. This goal focuses specifically on the necessity of restricting access to system components and cardholder data to only those individuals or entities that need it to perform their job functions.

Effective access control measures involve ensuring that authentication, authorization, and accountability protocols are in place. This includes assigning unique IDs to each person who has computer access to system components, requiring strong passwords, and implementing policies for access control management. Goal 4 stresses the importance of limiting access to sensitive information, thus reducing the risk of unauthorized access and potential data breaches.

Other goals focus on different areas of security and compliance, such as building and maintaining a secure network, maintaining a vulnerability management program, and regularly monitoring and testing networks, which are essential but do not specifically emphasize access control measures in the same manner as Goal 4.