The primary function of security guards in a PCI Card Production environment is to monitor and control physical access to the facility and its various zones. Loading bays are critical points of entry and exit for materials and are a common post for guards. Their duties here include inspecting deliveries, verifying transport personnel, and ensuring that all movements of goods are authorized and logged, which is a core physical security responsibility. This aligns with the principle of placing security controls at the facility's perimeter and key transit points.

A. HSAs: Access to High-Security Areas (HSAs) is strictly limited to personnel with a direct operational need. Guards control access to HSAs but should not have unaccompanied access within them.

B. Audit logs: Access to audit logs is a logical security function, restricted to personnel like security administrators or auditors. Granting guards this access would violate the principles of least privilege and separation of duties.

D. Physical master keys that provide access to card production or provisioning areas: The PCI Card Production and Provisioning Security Requirements explicitly prohibit the use of master keys for access to HSAs. Therefore, no personnel, including guards, should have access to them.

---

1. PCI Security Standards Council, Card Production and Provisioning Security Requirements, Version 3.0, March 2020.

For Correct Answer (C): Requirement 2.1 states, "Appropriate facility entry and exit controls are in place to ensure only authorized personnel and approved materials are allowed access." Guards stationed at loading bays are a direct implementation of this control for materials.

For Incorrect Answer (A): Requirement 2.1.1 states, "Access to HSAs is restricted to authorized personnel only." A guard's role is typically not an operational function within the HSA, so they would not be considered authorized personnel for routine access.

For Incorrect Answer (B): Requirement 3, "Logical Security," governs access to systems and data, including audit logs (Requirement 3.4). This is explicitly a logical, not physical, security domain and is outside the scope of a guard's duties.

For Incorrect Answer (D): Requirement 2.1.6.d explicitly states, "The use of master keys for access to HSAs is prohibited." This makes any access to such keys by any individual, including guards, a direct violation of the standard.