Question

Badin Industries runs a web application that processes e-commerce orders and handles credit card transactions. As such, it is subject to the Payment Card Industry Data Security Standard (PCI DSS). The company recently performed a web vulnerability scan of the application and it had no unsatisfactory findings. How often must Badin rescan the application?
A. Only if the application changes
B. At least monthly
C. At least annually
D. There is no rescanning requirement.

Answer 1

Answer:

The correct option is C.

Explanation:

As Badin Industry is using the Payment Card Industry Data Security Standard (PCI DSS) which required the scan to be be done at least annually if there is no change in the application and when the application is changed.

In this context, provided there is no application change the minimum requirement for the scan is once in the year thus the correct option is C.

Answer 2

Answer:

C. At least annually

Explanation:

PCI DSS means Payment Card Industry Data Security Standard.

PCI DSS application requires a rescan annually and also requires a rescan after changes has been made in the application. Rescanning is important to ensure that changes made don't introduce new vulnerabilities into the system.

For Badin industries, since after running a vulnerability scan found no unsatisfactory findings, it is required for them to scan at least annually except the make changes to the PCI DSS application.