


A knowledge exam focused on ACAS (Assured Compliance Assessment Solution) best practices. It covers topics such as credentialed discovery and vulnerability scans, compliance status based on scan frequency, custom DISA scan policies, and the use of Tenable.sc's Cumulative Repository. The exam also includes questions on vulnerability prioritization, risk acceptance, and the functionality of various analysis tools within the ACAS framework. It is designed to test the user's understanding of ACAS procedures and their ability to apply them in practical scenarios, ensuring compliance with organizational security policies and best practices. Useful for students and professionals in cybersecurity.
Typology: Exams



According to the ACAS Best Practices Guide/ACAS TASKORD, both Discovery and Vulnerability Scans are to be credentialed.
True
False
CORRECT ANSWER - True

Per the TASKORD the organization will conduct discovery scans of the site's assigned IP space (active and inactive IP addresses and ranges) at least once every how many days? Select the best answer (per the Best Practices Guide).
a. 7
b. 14
c. 21
d. 30
CORRECT ANSWER - d

Which of the custom DISA scan policies on the Patch Repository has most or all the plugin families enabled? Select the best answer.
a. OS Discovery
b. Vulnerability
c. Configuration
d. Differential
CORRECT ANSWER - b

It has been 8 days since your last full, credentialed vulnerability scan. What is your current compliance status? Select the best statement that reflects your compliance status.
a. In compliance because vulnerability scans are only required every 30 days
b. In compliance because vulnerability scans are only required every 14 days
c. Out of compliance because vulnerability scans are required every 7 days.
d. Out of compliance because vulnerability scans are required daily.
CORRECT ANSWER - c

Today is Friday, and you are getting ready to run your weekly vulnerability scans. Your last discovery scan was performed on Monday. Select the best statement that describes your compliance status.
a. In compliance because vulnerability scans are to be initiated no less than 14 days after the discovery scan/operation is "Completed"
b. In compliance because active plugins must be updated no less than 7 days after the discovery scan/operation is "Completed"
c. Out of compliance because vulnerability scans are to be initiated not later than (NLT) 72 hours after the discovery scan/operation is "Completed"
d. Out of compliance because vulnerability scans are to be initiated no less than 24 hours after the discovery scan/operation is "Completed"
CORRECT ANSWER - c

What vulnerabilities are stored in Tenable.sc's Cumulative Repository? Select the best answer.
a. Newly mitigated vulnerabilities
b. Vulnerabilities discovered from the most recent scan
c. Vulnerabilities discovered from the current day's scan
d. Current vulnerabilities, including those that have been recast, accepted, or mitigated and found vulnerable on rescan
CORRECT ANSWER - d

d. filters, alerts
CORRECT ANSWER - c

Accept Risk allows users to accept risks for vulnerabilities, which removes them from the default view for analysis, dashboards, and reports. Per the Best Practices Guide, any recast or accepted risk should be ____. Select the answer(s) to complete the statement.
CORRECT ANSWER -
Accepted by the AO at your site/facility
Annotated with trouble ticket from the ACAS Support Desk
Documented to ensure the status of the plugins is clear to a visiting auditor and/or other organizational security staff.

Which of these are key drivers of the Vulnerability Priority Ratings (VPR)?
CORRECT ANSWER - All the Above