CertNexus Certified Cyber Secure Coder (CSC) — Question 30

According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?

Answer options

• A. 3 months
• B. 6 months
• C. 1 year
• D. 5 years

Correct answer: C

Explanation

The correct answer is C, as PCI DSS mandates that logs should be retained for at least one year to ensure adequate monitoring and auditing of access to cardholder data. Options A, B, and D do not meet the minimum retention requirement outlined by PCI DSS.