Before applications become active or are released to customers, what must be done with development, test, and custom application accounts?

Prepare for the PCI DSS Requirements Test with our interactive quizzes. Use multiple choice questions, flashcards, and detailed explanations. Ace your exam with confidence!

Explanation:
Removing those accounts before the application goes into production reduces the attack surface and prevents privileged access that isn’t needed in the live environment. Development, test, and custom application accounts are often created quickly for debugging or feature work and can carry broad permissions or weak credentials. If any of them linger in production, they could be exploited to access systems, view sensitive data, or bypass controls, especially if they aren’t as tightly monitored or rotated as production accounts. Purging them ensures that only properly provisioned, production-grade accounts with validated access are present, and it supports secure change-management and least-privilege practices.

Disabling them instead would still leave the potential for reactivation, misconfiguration, or unnoticed gaps. Renaming them doesn’t reduce risk, and renamed accounts can be ignored or forgotten in audits. Migrating them to production would grant inappropriate access and blur the line between development and live environments.
