CompTIA PenTest+ (PT1-002) — Question 75

A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?

Answer options

• A. Weekly
• B. Monthly
• C. Quarterly
• D. Annually

Correct answer: C

Explanation

According to PCI DSS v3.2.1, the minimum requirement for scanning is quarterly. This ensures that vulnerabilities are identified and addressed in a timely manner. Scanning weekly or monthly exceeds the minimum requirement, while annually does not meet the compliance standards.