Question

Bethany is the vulnerability management specialist for a large retail organization. She completed her last PCI DSS compliance scan in March. In April, the organization upgraded their point-of-sale system, and Bethany is preparing to conduct new scans. When must she complete the new scan?

A. Immediately
B. June
C. December
D. No Scans Are Required

Answer 1

Bethany must perform a PCI DSS compliance scan immediately after the point-of-sale system upgrade to meet the compliance requirements. PCI DSS mandates that scans are conducted after any significant environmental change.

Step-by-step explanation:

Bethany, as the vulnerability management specialist, plays a crucial role in ensuring the security and compliance of her organization's payment systems. The Payment Card Industry Data Security Standard (PCI DSS) requires scans to be conducted after any significant change to the environment, including upgrades to the point-of-sale system like the one described. Therefore, Bethany must complete the new scan immediately (A) to maintain compliance with PCI DSS requirements which mandate that vulnerability scans occur after any significant infrastructure or application upgrade or modification.