CompTIA PenTest+ Practice Questions with correct answers

Which of the following types of information is protected by rules in the United States that specify the minimum frequency of vulnerability scanning required for devices that process it? A) Insurance records B) medical records C) credit card data D) SSNs E) drivers license numbers Correct Answer-Correct Answer: credit card data Explanation: The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. As part of PCI DSS compliance, organizations must conduct internal and external scans at prescribed intervals on any devices or systems that process credit card data. HIPAA protects medical and insurance records, but this law doesn't define a frequency for vulnerability scanning requirements. Driver's license numbers are considered PII, but again, there is no defined frequency scanning requirement regarding protecting PII under law, regulation, or rule. Dave's Consulting Group was just hired to conduct an engagement against an online training organization located in Germany. Which of the following laws should a penetration tester review before conducting this engagement to ensure the security and confidentiality of the student information processed by the company? A) DPPA