ACAS Study Questions
_________ displays vulnerabilities based on their DoD IAVA and IAVB mappings - ANS-The
IAVM Summary
__________ sorts vulnerabilities by plugin ID count. Columns of plugin ID, total and severity can
be sorted by clicking on the column header - ANS-The vulnerability summary
___________ directs the scanner to target a specific range of ports. - ANS-Port scan range
___________ lists the matching addresses, their vulnerability score, the repository the data is
stored in, the CPE value, vulnerability count and a breakdown of the individual severity counts. -
ANS-The IP summary
___________ provides a list of actions that may be taken to prioritize tasks that have the
greatest effect to reduce vulnerabilities in systems - ANS-The remediation summary
____________ are administrative-level usernames and passwords (or SSH keypairs) used in
authenticated scans? - ANS-Credentials
____________ ensures that harmful vulnerabilities are not exercised by the scanner. -
ANS-Enabling safe checks
____________ limits the maximum number of plugins a Nessus scanner will send to a single
host at one time. - ANS-Max simultaneous checks per host
____________ limits the maximum number of targets that a single Nessus scanner will scan at
the same time. - ANS-Max simultaneous checks per scan
____________ shows the actual findings of a vulnerability scan, including plugin output and
cross references. - ANS-The vulnerability detail list
A defined static range of IP addresses with an associated Nessus scanner is called a
_____________________. - ANS-Scan Zone
A group of users responsible for a specific number of assets is an _______________. -
ANS-Organization
A lightweight program installed on the host that gives you visibility into other IT assets that
connect intermittently to the internet - ANS-A Nessus Agent
A list of IP addresses that requires user intervention in order to change what defines them is a
____________. - ANS-Static asset list
A script file used to collect and interpret vulnerability, compliance and configuration is a
____________. - ANS-Plugin
A set of proprietary data files that stores scan results and resides on the Tenable.sc is known as
a _____________________. - ANS-Repository
Acceptable audit files for Tenable.sc include which of the following?
-Tenable Network Security Templates
-DISA STIG/SCAP Automated Benchmarks
-Retina Audits - ANS-Tenable Network Security Templates & DISA STIG/SCAP Automated
Benchmarks
According to the ACAS contract, what are the three allowable options for scanning standalone
networks? - ANS-1) Install both Nessus and Tenable on a Linux system using the ACAS
kickstart
2) Configure a Windows OS with VM software, installing both Tenable and Nessus on the virtual
machines
3) Detach the Nessus system from Tenable and place it in the isolated enclave for scanning.
Once scanning is complete, reattach Nessus to Tenable and manually upload scan results
All of the following are benefits of the NNM, except ___________.
-Network deployment on several different operating systems
-Monitoring your network between active scans
-Identifying vulnerabilities in areas where you cannot actively scan
-Eliminating the need for active scans - ANS-Eliminating the need for active scans
All of these are examples of dashboard components except which one?
A. Table
B. Pie Chart
C. Matrix
D. XY Axis Graph - ANS-D. X/Y Axis Graph
Allows separate Tenable.sc instances to share repository data via a SSH session. __________
Repository - ANS-Remote
An organization is a __________ that are responsible for ___________.
A. Groups of assets; a set of common security functions
B. Administrators; scan zones
C. Set of distinct users and groups and the resources they have available to them; specific sets
of assets
D. Security communities; a set of common assets - ANS-Set of distinct users and groups and
the resources they have available to them, specific sets of assets
Clicking the pushpin icon next to a dashboard name on the manage dashboards page will do
which of the following? - ANS-Make the dashboard available/unavailable in the switch
dashboards menu
Components of an active vulnerability scan consist of: a scan policy, schedule, credentials, scan
zone, import repo and ________________. - ANS-Targets
Contains imported data discovered by the Nessus scanner and Nessus network monitors.
______________ Repository - ANS-Local
Data is synchronized manually using an archive file (.tar.gz) and not via network transmission.
______________ Repository - ANS-Offline
Frequently used _______ can be saved as _______ for use in analysis, dashboards, reports,
tickets and alerts. - ANS-filters; queries
How do you specify what an alert does after it has been triggered? - ANS-Add actions
Indicate the order for running a compliance scan:
-Create a credentialed active scan
-Launch the scan
-Create an audit file
-Create a scan policy
-View the scan results - ANS-1. Create an audit file
2. Create a scan policy
3. Create a credentialed active scan
4. Launch the scan
5. View the scan results
MATCHING: Groups
A. Define which reports you can create
B. Define what a user can do
C. Define which plugins
D. Combine access rights to objects within an organization for quick assignment to one or more
users
E. Are individual Tenable.sc accounts - ANS-D. Combine access rights to objects within an
organization for quick assignment to one or more users
MATCHING: Roles
A. Define which reports you can create
B. Define what a user can do
C. Define which plugins
D. Combine access rights to objects within an organization for quick assignment to one or more
users
E. Are individual Tenable.sc accounts - ANS-B. Define what a user can do
MATCHING: Users
A. Define which reports you can create
B. Define what a user can do
C. Define which plugins
D. Combine access rights to objects within an organization for quick assignment to one or more
users
E. Are individual Tenable.sc accounts - ANS-E. Are individual Tenable.sc accounts
Networks using Dynamic Host Configuration Protocol (DHCP) require that this active scan setting
be enabled to properly track hosts. - ANS-Track hosts which have been issued new IP
addresses
Per the ACAS contract, how can you get your Tenable.sc plugin updates? - ANS-Automatically
from DISA's plugin server or manually from the DoD patch repository
Repositories are proprietary data files residing on the Tenable.sc that store _____________? -
ANS-Scan results
Repositories can contain all EXCEPT which one of the following data formats?
A. Agent
B. Binary
C. IPv4
D. IPv6
E. Mobile - ANS-Binary