Acas best practice knowledge.pdf, Exams of Nursing

Typology: Exams

2025/2026

Available from 05/20/2026

prejonato3

ACAS EXAM BEST PRACTICE KNOWLEDGE (BPG) (ACTUAL
2026) EXAM 1, 2, 3, 4, 5 & 6 QUESTIONS AND 100%
VERIFIED ANSWERS

_________ are administrative level usernames and passwords (or SSH key pairs) used in authenticated scans? Select the best answer to complete the statement.
a. Audit files
b. Scan policies
c. Credentials
d. Asset lists
Answer: c

Networks using Dynamic Host Configuration Protocol (DHCP) require that this active scan setting be enabled to properly track hosts. Select the best answer for the statement.
a. Rollover Option
b. Enable Safe Checks
c. Track hosts which have been issued new IP addresses
d. Remove vulnerabilities from scanned hosts that have been inactive for (X days)
Answer: c

How many import repositories can you select for a single scan? Select the best answer to the question.
a. Only one
b. A maximum of three
c. You can select all your available repositories
d. As many as you like, if none of them are agent repositories
Answer: a

Per the ACAS Best Practices Policy Deviations spreadsheet, which Port Scan Range value tells the scanner to scan all ports? Select the best answers to the question.
a. 1-65535
b. Default
c. All
d. Common
Answer: a c

a. Directs the scanner to target a specific range of ports.
b. Ensures that potentially harmful plugins are not exercised by the Scanner.

d. Don't make any changes, changing the BPG-provided scan is not allowed per CCRI audit guidelines.

To get the most accurate results on the security posture of a system, which of the following actions should be done prior to scanning?
a. Update the plugins
b. Patch the scanner
c. Reboot the target host
d. Log all users out of the system.
Answer: a

According to the ACAS Best Practices Guide/ACAS TASKORD, both Discovery and Vulnerability Scans are to be credentialed.
True
False
Answer: True

Per the TASKORD the organization will conduct discovery scans of the site's assigned IP space (active and inactive IP addresses and ranges) at least once every how many days? Select the best answer (per the Best Practices Guide).
a. 7
b. 14
c. 21
d. 30
Answer: d

Which of the custom DISA scan policies on the Patch Repository has most or all the plugin families enabled? Select the best answer.
a. OS Discovery
b. Vulnerability
c. Configuration
d. Differential
Answer: b

It has been 8 days since your last full, credentialed vulnerability scan. What is your current compliance status? Select the best statement that reflects your compliance status.
a. In compliance because vulnerability scans are only required every 30 days
b. In compliance because vulnerability scans are only required every 14 days
c. Out of compliance because vulnerability scans are required every 7 days.
Answer: c

c. Vulnerabilities discovered from the current day's scan
d. Current vulnerabilities, including those that have been recast, accepted, or mitigated and found vulnerable on rescan

Drag the description to the appropriate matching Analysis Tool.
Answer:
IP Summary: Sorts vulnerabilities by plugin ID count. Columns of plugin ID, Total, and Severity can be sorted by clicking on the column header
IAVM Summary: Displays vulnerabilities based on their DoD IAVA and IAVB mappings
Remediation Summary: Provides a list of actions that may be taken to prioritize tasks that have the greatest effect to reduce vulnerabilities in systems
Vulnerability Summary: Lists the matching addresses, their vulnerability score, the repository the data is stored in, the CPE value, vulnerability count, and a breakdown of the individual severity counts.
Vulnerability Detail List: Shows the actual findings of a vulnerability scan, including plugin output and cross-references

Frequently used _____________ can be saved as _____________ for use in analysis, dashboards, reports, tickets, and alerts. Select the best answer to complete the statement.
a. plugins, tickets
b. scans, policies
c. filters, queries
d. filters, alerts
Answer: c

Accept Risk allows a user to accept risks for vulnerabilities, which removes them from the default view for analysis, dashboards, and reports. Per the Best Practices Guide, any recast or accepted risk should be ____.
Answer:
Accepted by the AO at your site/facility
Annotated with trouble ticket from the ACAS Support Desk
Documented to ensure the status of the plugins is clear to a visiting auditor and/or other organizational security staff.

Select the best answer.
a. True
b. False

Per the Best Practices Guide, which of the following statements are true? Select the correct answer(s).
a. The TASKORD defines several target types on which Nessus Agents are required to be installed.
b. Nessus Agents can be installed on additional endpoints above TASKORD requirement.
c. Per the TASKORD, organization endpoints which leverage a Nessus Agent must also be scanned with the Nessus active scanner using ACAS Best Practice Guide Agent Differential scan policy.
d. If you use Nessus Agents, then you don't need any other scanning tools for ACAS.
e. All the above
Answer: a b c

Nessus Agent and Manager use the same software. Select the correct answer.
a. True
b. False
Answer: b

Per the Best Practices Guide, which of these statements is true. Select the correct answers.
a. ACAS TASKORD 20-0020 FRAGO 3 clarifies that only DISA STIG Tenable Audit files are to be used for configuration scanning in ACAS.
b. DISA SCAP-compliant, automated benchmarks are still acceptable for ingest into CMRS.
c. Audit files are proprietary formatted XML files that define how ACAS should check for configuration with a specified benchmark.
d. Tenable distributes audit files via the Tenable.sc Feed that is used to update Tenable.sc
e. None of the above
Answer: a c d

It has been 20 days since your last configuration (STIG) scan. Per FRAGO 2 of the Task Order 20-0020, which of the following statements reflects your current compliance status? Select the best answer.
Answer: a

Per the ACAS Best Practices Guide, which of the following Tenable.sc resources are proprietary formatted XML files that define how ACAS should check for configuration with a specified STIG? Select the best answer.
a. Credentials
b. Queries
c. Policies
d. Audit Files
Answer: d

What are the steps to run a Configuration audit scan? Put the statements in the correct order. Drag and drop the statements in the boxes to indicate the correct order.
Create the Active Scan job
Create an Audit from the Tenable Audit files.
Edit the Configuration Scan Policy by adding the audit file on the Compliance tab
Launch the scan
Review the results
Answer:
Create the Active Scan job
Create an Audit from the Tenable Audit files.
Edit the Configuration Scan Policy by adding the audit file on the Compliance tab
Launch the scan
Review the results

Per the ACAS Best Practices Guide, what could a dynamic asset list that contains the following be used for?
ANY of the following are true:
Plugin ID is equal to 24786
Plugin ID is equal to 104410
Plugin ID is equal to 110385
Plugin ID is equal to 110723
Plugin ID is equal to 102094
Select the best answer.
Plugins out of sync
Authentication and access failures
Good active vulnerability scan results.
Nessus Scanner Timeouts
Answer: b

When you create dynamic asset list(s), which of the following occurs? Select the best answer.
a. Tenable.sc runs a scan to find assets that match the dynamic asset list's rules.
Answer: b

Per Task Order/FRAGO, which of the following statements is true? Select the best answer.
a. Deploy at least one NNM for discovery scanning of IPv hosts.
b. Deploy NNM to VPN entry points to enable passive monitoring of VPN terrain and discovery of endpoints connecting via VPN.
c. Deploy at least one NNM internal to the AO, on each circuit that connects AO Unclassified and Classified networks.
d. All of the above
Answer: d

Clicking the Pushpin icon next to a Dashboard name on the Manage Dashboards page will do which of the following? Select the best answer.
a. Share the dashboard with other Tenable.sc users in other organizations
b. Hide the dashboard from other users in your group
c. Make the dashboard available/unavailable in the Switch Dashboards menu
e. Make the dashboard inactive so it stops updating.
Answer: c

Tenable.sc has Dashboard templates that can be useful in identifying the quality of scans and the validity of credential access to targets. According to the Best Practices Guide, which of the following templates are available? Select the best answer.
a. Credentialed Windows Scanning
b. Credentialed Linux Scanning
c. Nessus Scan Summary
d. All the above
Answer: d

Select the Task Order for the Implementation of Assured Compliance Assessment Solution (ACAS) for the Enterprise:
a. 12-0501
b. 13-0294
c. 16-0294
d. 20-0020
Answer: d

What is ACAS? Select the best answer.
a. ACAS is a system that ensures security for the DoD Networks.
Answer: d

e. A lightweight program installed on the endpoint that gives you visibility into other IT assets that connect intermittently to the internet

You have just logged in to your new instance of Tenable.sc. You are in California. The default local time zone is set to EST (New York). Where would you change the time zone to California in the Tenable.sc? Select the best answer.
a. Dashboard > Dashboard
b. Username Menu > Feeds
c. Username Menu > Profile
d. Workflow > Tickets
e. Username Menu > Help
Answer: c

You were just directed to update the version of your Tenable.sc. Where would you see the version of your current Tenable.sc in the tool itself? Select the best answer.
a. Dashboard > Assurance Report Cards
b. Username Menu > About
c. Workflow > Alerts
d. Reporting > Reports
Answer: b

On which website would you look for the ACAS documentation? Select the best answer.
a. eMASS website
b. Patch Repository
c. DEPS portal
d. Cyber Exchange
Answer: b

Match the building block term with the matching description below. Drag the definition/description to the bar beside the appropriate building block. Then drop it.
a. Repository
b. Organization
c. Zone
d. Plugin
Answer:
a. A set of proprietary data files that stores scan results and resides on the Tenable.sc
b. A group(s) of users responsible for a specific set(s) of assets
c. A defined static range of IP addresses with an associated Nessus scanner(s)
d. A script file used to collect and interpret vulnerability, compliance, and configuration data