Which of the following is a requirement of PCI DSS Requirement 11 (Regularly test security systems and processes)?

Answer options:

Install antivirus software.

Perform external and internal vulnerability scans at least quarterly.

Restrict physical access to cardholder data.

Assign a unique ID to each person with computer access.

How to approach this question

PCI DSS Req 11 = Testing. Scans and Pen Tests are testing.

Full Answer

B.Perform external and internal vulnerability scans at least quarterly.✓ Correct

PCI DSS Requirement 11 focuses on testing security. It specifically requires internal and external vulnerability scans at least quarterly and after any significant change in the network.

Common mistakes

Confusing Scans (Quarterly) with Pen Tests (Annual).

Question 79 All questions Question 81

Practice the full CPA ISC Practice Exam

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...Hard Q02During a walkthrough of a client's change management process, the auditor notes that developers h...Hard Q03A service organization provides a real-time transaction processing platform. The service level ag...Hard Q04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...Hard Q05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard

View all 82 questions →