Certified Ethical Hacker (CEH v10) — Question 33
When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?
Answer options
- A. At least twice a year or after any significant upgrade or modification
- B. At least once a year and after any significant upgrade or modification
- C. At least once every two years and after any significant upgrade or modification
- D. At least once every three years or after any significant upgrade or modification
Correct answer: B
Explanation
The correct answer is B: PCI-DSS requires organizations to conduct external and internal penetration testing at least once a year and after any significant upgrade or modification. Options A, C, and D state a different testing frequency (twice a year, every two years, and every three years), so they are incorrect.