True or False: The scan customer must provide a list of all IPs in a scope for the scan.

Prepare for the PCI Approved Scanning Vendor (ASV) Test. Study with flashcards, multiple choice questions, hints, and explanations. Get exam ready!


Explanation:
Defining scope for an external vulnerability scan centers on all assets that have external exposure and are in the cardholder data environment. You don’t have to hand over an exhaustive, line-by-line list of every IP address. Instead, you can define the scope using domains or CIDR blocks, and the ASV will identify and scan all live IPs that fall within that scope. If new assets appear or the scope changes, you update the scope and re-scan to maintain coverage. Providing only a subset of IPs would risk missing in-scope assets, and simply listing Internet-facing IPs does not guarantee that all in-scope external assets are scanned.
