CompTIA PenTest+ (PT0-002) — Question 360

An organization is required to undergo a penetration test to assess the segmentation of its network. Which of the following standards or regulations requires this type of testing?

Answer options

• A. ISSAF
• B. GDPR
• C. PCI DSS
• D. ISO 27001

Correct answer: C

Explanation

The correct answer is PCI DSS, which specifically requires penetration testing to ensure security measures are effective, especially in environments that handle payment card information. ISSAF, GDPR, and ISO 27001 do not have the same specific mandate for penetration testing focused on network segmentation.