How many total CPE hours are required over a three-year period for QSAs?

The correct answer is based on the requirements set forth for Qualified Security Assessors (QSAs) regarding Continuing Professional Education (CPE) to maintain their certification. QSAs are required to earn a total of 120 CPE hours over a three-year period. This ensures that QSAs stay updated with industry changes, best practices, and evolving security standards, which are crucial for their role in assessing compliance with the PCI DSS.

Earning this amount of CPE not only reflects a commitment to professional development but also ensures that QSAs are equipped with current knowledge and skills essential for their responsibilities in the cybersecurity landscape. This requirement is part of the broader effort to maintain high standards within the field, ensuring that professionals are continuously enhancing their expertise.

Other numbers, while they may seem plausible for different certification or training requirements, do not meet the specific criteria established for QSAs. Therefore, the focus on 120 hours reinforces the necessity for ongoing education and skill advancement in compliance and security assessments relevant to the PCI DSS framework.