When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to
perform external and internal penetration testing?
A.
At least once a year and after any significant upgrade or modification
B.
At least once every three years or after any significant upgrade or modification
C.
At least twice a year or after any significant upgrade or modification
D.
At least once every two years and after any significant upgrade or modification