312-50V9 · Question #168
Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?
The correct answer is C. Nessus. PCI DSS Requirement 11 mandates regular vulnerability scanning and penetration testing, and Nessus is a professional vulnerability scanner purpose-built for this type of compliance assessment.
Question
Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?
Options
- ATruecrypt
- BSub7
- CNessus
- DClamwin
How the community answered
(18 responses)- A11% (2)
- B17% (3)
- C72% (13)
Why each option
PCI DSS Requirement 11 mandates regular vulnerability scanning and penetration testing, and Nessus is a professional vulnerability scanner purpose-built for this type of compliance assessment.
TrueCrypt is a disk encryption utility and has no capability to scan for vulnerabilities or produce compliance scan reports.
Sub7 is a Remote Access Trojan (RAT) classified as malware and is illegal to use in unauthorized environments - it is not a compliance tool.
Nessus, developed by Tenable, is an industry-standard vulnerability scanner widely used to satisfy PCI DSS Requirement 11, which calls for regular internal and external vulnerability scans. It can identify missing patches, misconfigurations, and known CVEs across network hosts, producing reports suitable for PCI compliance documentation. Approved Scanning Vendors (ASVs) commonly use Nessus-based tooling to fulfill Requirement 11.2 external scan obligations.
ClamWin is an open-source antivirus tool for detecting malware on endpoints, not a vulnerability scanner capable of meeting PCI Requirement 11 scan mandates.
Concept tested: PCI DSS Requirement 11 vulnerability scanning tools
Source: https://www.pcisecuritystandards.org/document_library/
Topics
Community Discussion
No community discussion yet for this question.