According to requirement 11.2, vulnerability scans conducted after changes should be performed only by an ASV.


Multiple Choice

According to requirement 11.2, vulnerability scans conducted after changes should be performed only by an ASV.

Scanning after significant changes is required to confirm that the changes haven’t introduced new vulnerabilities. However, who performs that scan is not restricted to an Approved Scanning Vendor. Internal teams can run vulnerability scans after changes using internal tools, while the external-scanning requirement—performed quarterly—must be done by an ASV. The statement that these post-change scans must be done only by an ASV is therefore incorrect, because internal personnel can also carry out the post-change scans to validate the environment before moving changes into production.
