Multiple Choice

According to requirement 11.2, vulnerability scans conducted after changes should be performed only by an ASV.

Explanation:
Scanning after significant changes is required to confirm that the changes haven’t introduced new vulnerabilities. However, who performs that scan is not restricted to an Approved Scanning Vendor. Internal teams can run vulnerability scans after changes using internal tools, while the external-scanning requirement—performed quarterly—must be done by an ASV. The statement that these post-change scans must be done only by an ASV is therefore incorrect, because internal personnel can also carry out the post-change scans to validate the environment before moving changes into production.