CompTIA PenTest+ (PT0-002) — Question 442
PCI DSS requires which of the following as part of the penetration-testing process?
Answer options
- A. The penetration tester must have cybersecurity certifications.
- B. The network must be segmented.
- C. Only externally facing systems should be tested.
- D. The assessment must be performed during non-working hours.
Correct answer: B
Explanation
The correct answer is B because PCI DSS requires segmenting the network to minimize the scope of the assessment. Options A, C, and D are not requirements that PCI DSS sets for penetration testing.