ACAS Best Practices Knowledge Exam, Exams of Nursing

A knowledge exam focused on ACAS (Assured Compliance Assessment Solution) best practices. It covers topics such as credentialed discovery and vulnerability scans, compliance status based on scan frequency, custom DISA scan policies, and the use of Tenable.sc's cumulative repository. The exam also includes questions on vulnerability prioritization, risk acceptance, and the functionality of various analysis tools within the ACAS framework. It is designed to test the user's understanding of ACAS procedures and their ability to apply them in practical scenarios, ensuring compliance with organizational security policies and best practices. Useful for students and professionals in cybersecurity.

Typology: Exams

2024/2025

Available from 07/28/2025

JEFF-PASS

ACAS BEST PRACTICE KNOWLEDGE EXAM 3

According to the ACAS Best Practices Guide/ACAS TASKORD, both Discovery and Vulnerability Scans are to be credentialed.
True
False - CORRECT ANSWER - True

Per the TASKORD the organization will conduct discovery scans of the site's assigned IP space (active and inactive IP addresses and ranges) at least once every how many days?
Select the best answer (per the Best Practices Guide).
a. 7
b. 14
c. 21
d. 30 - CORRECT ANSWER - d

Which of the custom DISA scan policies on the Patch Repository has most or all the plugin families enabled?
Select the best answer.
a. OS Discovery
b. Vulnerability
c. Configuration
d. Differential - CORRECT ANSWER - b

It has been 8 days since your last full, credentialed vulnerability scan. What is your current compliance status?
Select the best statement that reflects your compliance status.
a. In compliance because vulnerability scans are only required every 30 days
b. In compliance because vulnerability scans are only required every 14 days
c. Out of compliance because vulnerability scans are required every 7 days.
d. Out of compliance because vulnerability scans are required daily. - CORRECT ANSWER - c

Today is Friday, and you are getting ready to run your weekly vulnerability scans. Your last discovery scan was performed on Monday.
Select the best statement that describes your compliance status.
a. In compliance because vulnerability scans are to be initiated no less than 14 days after the discovery scan/operation is "Completed"
b. In compliance because active plugins must be updated no less than 7 days after the discovery scan/operation is "Completed"
c. Out of compliance because vulnerability scans are to be initiated not later than (NLT) 72 hours after the discovery scan/operation is "Completed"
d. Out of compliance because vulnerability scans are to be initiated no less than 24 hours after the discovery scan/operation is "Completed" - CORRECT ANSWER - c

What vulnerabilities are stored in Tenable.sc's Cumulative Repository?
Select the best answer.
a. Newly mitigated vulnerabilities
b. Vulnerabilities discovered from the most recent scan
c. Vulnerabilities discovered from the current day's scan
d. Current vulnerabilities, including those that have been recast, accepted, or mitigated and found vulnerable on rescan - CORRECT ANSWER - d

d. filters, alerts - CORRECT ANSWER - c

Accept Risk allows a user to accept risks for vulnerabilities, which removes them from the default view for analysis, dashboards, and reports. Per the Best Practices Guide, any recast or accepted risk should be ____.
Select the answer(s) to complete the statement. - CORRECT ANSWER -
Accepted by the AO at your site/facility
Annotated with trouble ticket from the ACAS Support Desk
Documented to ensure the status of the plugins is clear to a visiting auditor and/or other organizational security staff.

Which of these are key drivers of the Vulnerability Priority Ratings (VPR)? - CORRECT ANSWER - All the Above