Assessment Solution (ACAS) UPDATED ACTUAL Questions and CORRECT Answers
ACAS Repositories - CORRECT ANSWER - 1. Local
2. Remote
3. Offline
Defining Repositories - CORRECT ANSWER - Proprietary data files, residing on the
Security Center, that store scan results.
T/F: Repositories are created by an administrator then made available to organizations as
appropriate. - CORRECT ANSWER - True
Local Repositories - CORRECT ANSWER - active repositories of Security Center data
collected via scanners attached to the local Security Center
Remote Repositories - CORRECT ANSWER - contain IP address and vulnerability
information obtained via network synchronization
with a second (remote) Security Center.
Offline Repositories - CORRECT ANSWER - enable Security Center to obtain repository
data via manual file export/import from a remote Security Center that is not network-accessible.
Defining Audit Files - CORRECT ANSWER - Text files that contain the specific
configuration, file permission, and access control tests to be performed.
Audit files come from:
1) Tenable network security templates (SC 5)
2) DISA STIG automated benchmarks (.zip)
3) SCAP compliant checklists from NIST (.xccdf)
Using DISA STIG Automated Benchmark Files - CORRECT ANSWER - Security Center
can create audit files by ingesting DISA STIG automated benchmark files in the .xccdf format.
DISA STIG benchmark files are available on the IASE portal.
Using SCAP Content - CORRECT ANSWER - Security Center also creates audit files
by ingesting NIST's SCAP files. NIST maintains the Common Configuration Enumeration system.
Uploading Audit Files - CORRECT ANSWER - Administrators can upload audit files for
Security Center-wide usage, while authorized organizational users can upload them for use by
their user group.
Compliance - CORRECT ANSWER - DISA will generate the STIGs based on secure
recommendations from software vendors. Then the STIG configuration settings are converted to
SCAP content, imported into Security Center, and used by Nessus Scanners to audit asset
configurations for compliance
A repository has a _________ GB limit and is not organization specific. - CORRECT
ANSWER - 32
T/F: Access to a repository is controlled by an ACAS administrator - CORRECT
ANSWER - True