Annex D: Part III - Assured Compliance
Assessment Solution (ACAS) Questions With
Solutions
Defining Audit Files -text files that contain the specific configuration
-file permission
-access control tests to be
performed.
come from:
1) Tenable network security templates (SC 5)
2) DISA STIG automated benchmarks (.zip)
3) SCAP compliant checklists from NIST (.xccdf)
Using DISA STIG Automated Benchmark Files Security Center can create audit files by
ingesting DISA STIG automated benchmark files in the .xccdf format.
DISA STIG benchmark files are available on the IASE portal
, Annex D: Part III - Assured Compliance
Assessment Solution (ACAS) Questions With
Solutions
Using SCAP Content our security center also creates audit files by ingesting NIST's SCAP
files. NIST maintains the common configuration enumeration system.
Uploading Audit Files Administrators can upload audit files for security center-wide
usage, while authorized organizational users can upload them for use by their user group
Compliance DISA will generate the STIGs based on secure recommendations from
software vendors. Then the STIG configuration settings are converted to SCAP content, imported
into Security Center, and used by Nessus Scanners to audit asset configurations for compliance
A repository has_________ a GB limit and is not organization specific. 32
T/F: Access to a repository is controlled by an ACAS administrator True
T/F: Multiple organizations may not have access to the same repositories False, they do
have access to the same repositories
Assessment Solution (ACAS) Questions With
Solutions
Defining Audit Files -text files that contain the specific configuration
-file permission
-access control tests to be
performed.
come from:
1) Tenable network security templates (SC 5)
2) DISA STIG automated benchmarks (.zip)
3) SCAP compliant checklists from NIST (.xccdf)
Using DISA STIG Automated Benchmark Files Security Center can create audit files by
ingesting DISA STIG automated benchmark files in the .xccdf format.
DISA STIG benchmark files are available on the IASE portal
, Annex D: Part III - Assured Compliance
Assessment Solution (ACAS) Questions With
Solutions
Using SCAP Content our security center also creates audit files by ingesting NIST's SCAP
files. NIST maintains the common configuration enumeration system.
Uploading Audit Files Administrators can upload audit files for security center-wide
usage, while authorized organizational users can upload them for use by their user group
Compliance DISA will generate the STIGs based on secure recommendations from
software vendors. Then the STIG configuration settings are converted to SCAP content, imported
into Security Center, and used by Nessus Scanners to audit asset configurations for compliance
A repository has_________ a GB limit and is not organization specific. 32
T/F: Access to a repository is controlled by an ACAS administrator True
T/F: Multiple organizations may not have access to the same repositories False, they do
have access to the same repositories
