An organization has implemented a change-detection mechanism on their systems.
How often must critical file comparisons be performed?
A . At least weekly
B . Periodically as defined by the entity
C . Only after a valid change is installed
D . At least monthly
Answer: A
Explanation:
PCI DSS Requirement 11.5 states that entities must deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly1. This is to ensure that any unauthorized or malicious changes to the files are detected and reported in a timely manner, and that the integrity and security of the files are maintained. Critical files are those that affect the security of the cardholder data environment (CDE), such as system files, application executables, configuration files, database files, and log files2. Therefore, the correct answer is option
Latest ASSESSOR_NEW_V4 Dumps Valid Version with 60 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund