ACAS BEST PRACTICE KNOWLEDGE EXAM
1,2,3 AND 4 WITH THE CORRECT ANSWERS
Per the Best Practices Guide, which of the following statements are true?
Select the Correct Answer(s).
a. The TASKORD defines several target types on which Nessus Agents are required
to be installed.
b. Nessus Agents can be installed on additional endpoints above the TASKORD
requirement.
c. Per the TASKORD, organizations' endpoints which leverage Nessus Agents must
also be scanned with the Nessus active scanner using the ACAS Best Practice Guide
Agent Differential scan policy.
d. If you use Nessus Agents, then you don't need any other scanning tools for ACAS.
e. All the above
Correct Answer: a b c
Nessus Agent and Manager use the same software.
Select the Correct Answer.
a. True
b. False
Correct Answer: b
Per the Best Practices Guide, which of these statements are true?
Select the Correct Answers.
a. ACAS TASKORD 20-0020 FRAGO 3 clarifies that only DISA STIG Tenable Audit
files are to be used for configuration scanning in ACAS.
b. DISA SCAP-compliant, automated benchmarks are still acceptable for ingest into
CMRS.
c. Audit files are proprietary formatted XML files that define how ACAS should check
for configuration with a specified benchmark.
d. Tenable distributes audit files via the Tenable.sc Feed that is used to update
Tenable.sc.
e. None of the above
Correct Answer: a c d
It has been 20 days since your last configuration (STIG) scan. Per FRAGO 2 of the
Task Order 20-0020, which of the following statements reflects your current
compliance status?
Select the best answer.
a. In compliance because configuration scans are only required every 30 days.
b. In compliance because vulnerability scans are only required every 21 days.
c. Out of compliance because configuration scans are required every 14 days.
d. Out of compliance because vulnerability scans are required every single day.
Correct Answer: a
Choose the Tenable.sc Severity Level that corresponds to the Configuration result.
Tenable re-used severity levels for configuration results.
To answer the question, drag the definition to the appropriate severity below.
a. Critical
b. High
c. Medium
d. Info
Correct Answer:
a. Not used with configuration
b. Failed configuration check
c. Unable to Determine/Error
d. Passed configuration check
Per the ACAS Best Practices Guide, which of the following Tenable.sc resources are
proprietary formatted XML files that define how ACAS should check for configuration
with a specified STIG?
Select the best answer.
a. Credentials
b. Queries
c. Policies
d. Audit Files
Correct Answer: d
What are the steps to run a Configuration audit scan? Put the statements in the
correct order.
Drag and drop the statements in the boxes to indicate the correct order.
Create the Active Scan job
Create an Audit from the Tenable Audit files.
Edit the Configuration Scan Policy by adding the audit file on the Compliance tab
Launch the scan
Review the results
Correct Answer:
Create the Active Scan job
Create an Audit from the Tenable Audit files.
Edit the Configuration Scan Policy by adding the audit file on the Compliance tab
Launch the scan
Review the results
Per the ACAS Best Practices Guide, what could a dynamic asset list that contains
the following be used for?
ANY of the following are true:
Plugin ID is equal to 24786