When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration test

ing?

A. At least once a year and after any significant upgrade or modification

B. At least once every three years or after any significant upgrade or modification

C. At least twice a year or after any significant upgrade or modification

D. At least once

every two years and after any significant upgrade or modification