ACAS Best Practice Knowledge Exam 2
How many import repositories can you select for a single scan? Select the best answer to the question. a. Only one b. A maximum of three c. You can select all your available repositories d. As many as you like, if none of them are agent repositories
a
To get the most accurate results on the security posture of a system, which of the following actions should be done prior to scanning? a. Update the plugins b. Patch the scanner c. Reboot the target host d. Log all users out of the system.
a
Today is Thursday, and you are getting ready to run your weekly vulnerability scans. Your plugins were updated on Monday. Select the correct answer based on your status. a. In compliance because active plugins must be updated within 7 days before TASKORD-mandated scans. b. In compliance because active plugins must be updated within 14 days before TASKORD-mandated scans. c. Out of compliance because active plugins must be updated within 72 hours before TASKORD-mandated scans. d. Out of compliance because active plugins must be updated within 24 hours before TASKORD-mandated scans.
a
According to the ACAS contract, what are the allowable options for scanning stand-alone networks? Select the best answers from the ACAS Standalone Guide. a. Install both Nessus and Tenable.sc on a Linux system using Kickstart. b. Install both Nessus and Tenable.sc on a 64-bit Windows operating system with a virtualization application. c. Install Nessus as its own standalone system. d. There are no approved standalone options. DISA mandates that you must install all components on a Linux system, and nothing else.
a b c
Per the ACAS Best Practices Policy Deviations spreadsheet, which Port Scan Range value tells the scanner to scan all ports? Select the best answers to the question. a. 1-65535 b. Default c. All d. Common
a c
Drag the matching description to the Scan Policy option from the list below. Sort elements a. Port Scan Range b. Enable Safe Checks c. Max Simultaneous Checks Per Host d. Max Simultaneous Checks Per Scan
a. Directs the scanner to target a specific range of ports. b. Ensures that potential harmful plugins are not exercised by the Scanner. c. Limits the maximum number of plugins a Nessus scanner will send to a single host at one time. d. Limits the maximum number of targets that a single Nessus scanner will scan at the same time.
Components of an Active Vulnerability Scan consist of a scan policy, schedule, credentials, scan zone, import repository, and __________. Select the best answer to complete the statement. a. User role b. Endpoints/Targets c. Assurance Report Cards d. Asset Lists
b
Networks using Dynamic Host Configuration Protocol (DHCP) require that this active scan setting be enabled to properly track hosts. Select the best answer for the statement. a. Rollover Option b. Enable Safe Checks c. Track hosts which have been issued new IP addresses d. Remove vulnerabilities from scanned hosts that have been inactive for (X days)
c
You need to make a change to a setting in the BPG Vulnerability Scan Policy Template, such as the anti-virus definition period setting. Which of the following is a true statement? a. Submit a copy of the modified template to JFHQ-DODIN for approval b. Make the changes as needed, there are no other requirements. c. Ensure the change is documented and approved by you AO, ISSM, or local authority. d. Don't make any changes, changing the BPG-provided scan is not allowed per CCRI audit guidelines.
c
_________ are administrative level usernames and passwords (or SSH key pairs) used in authenticated scans? Select the best answer to complete the statement. a. Audit files b. Scan policies c. Credentials d. Asset lists
c
