ACAS Training and Best Practice Reviews

CAT I vulnerability weight

10

Maximum hosts in a single targeted scan

2,500

CAT II vulnerability weight

4

Air Force entity for ACAS information

561 NOS

This is the default Nessus port as of Nessus 8.

8834

Tenable.sc repositories are

A repository database is crucial for storing detailed information about network vulnerabilities, compliance data, and other security-related insights derived from scans across an organization's network. Key points about the Tenable.sc repositories include: Repositories: The Tenable.sc database is organized into repositories, which are specialized databases within Tenable.sc designed for scalable and configurable data storage. These repositories store detailed information collected during security and vulnerability assessments.

Accept Risk allows user to accept risks for vulnerabilities which removes them from the default view for analysis, dashboards, and reports. Per the Best Practices Guide, any recast or accepted risk should be ____. Select the answer(s) to complete the statement.

Accepted by the AO at your site/facility Annotated with trouble ticket from the ACAS Support Desk Documented to ensure the status of the plugins is clear to a visiting auditor and/or other organizational security staff.

What are agent scans?

Agent scans fetch results from agent scans you add and launch in Tenable Security Center. When you add an agent scan in Tenable Security Center, Tenable Security Center creates a corresponding agent scan in an instance of Tenable Nessus Manager or Tenable Vulnerability Management that you linked to Tenable Security Center. When you launch an agent scan in Tenable Security Center, Tenable Security Center launches the corresponding scan in Tenable Nessus Manager or Tenable Vulnerability Management, then imports the results into Tenable Security Center.

Vulnerability scan type

Assessment Scan (authenticated vs unauthenticated) Discovery Scan - find assets on your network

Describe Assets

Assets are lists of devices (for example, laptops, servers, tablets, or phones) within a Tenable Security Center organization. You can share assets with one or more users based on local security policy requirements. You can add an asset to group devices that share common attributes. Then, you can use the asset during scan configuration to target the devices in the asset.

ACAS acronym

Assured Compliance Assessment Solution

CVSS vs. VPR

CVSS is the overall score assigned to a vulnerability. CVE is simply a list of all publicly disclosed vulnerabilities that includes the CVE ID, a description, dates, and comments. The CVSS score is not reported in the CVE listing - you must use the NVD to find assigned CVSS scores. Tenable calculates a dynamic VPR for most vulnerabilities. The VPR is a dynamic companion to the data provided by the vulnerability's CVSS score, since Tenable updates the VPR to reflect the current threat landscape. VPR values range from 0.1-10.0, with a higher value representing a higher likelihood of exploit. Note: When you view these metrics on an analysis page organized by plugin (for example, the Vulnerabilities page), the metrics represent the highest value assigned or calculated for a vulnerability associated with the plugin.

Nessus scanners

Collects data and reports results to Tenable.sc console

credentials

Credentials are reusable objects that facilitate a login to a scan target. You can configure various types of credentials with different authentication methods for use within scan policies. You can also share credentials between users for scanning purposes. Tenable Security Center supports an unlimited number of SSH, Windows, and database credentials, and four SNMP credential sets per scan configuration.

What is the DoD Server feed for Tenable.sc plugins?

DISA Plugin Server

SecurityCenter plugin update frequency

Daily

ACAS account access

Determined by roles

What scan type does Tenable recommend using to see what hosts are on your network, and associated information such as IP address, FQDN, operating systems, and open ports, if available? After you have a list of hosts, you can choose what hosts you want to target in a specific vulnerability scan.

Discovery

What are the two different scans in Tenable.sc?

Discovery Assessment Scan: (auth or unauth) active scan Agent scan

ACAS asset list for validating hosts

Dynamic

Dynamic assets

Dynamic assets are flexible groups of condition statements that Tenable Security Center uses to retrieve a list of devices meeting the conditions. Tenable Security Center refreshes dynamic asset lists using the results from Tenable Security Center scans. You cannot use dynamic assets until after Tenable Security Center performs an initial discovery scan and retrieves a list of devices.

It is for authentication failures, and means that credentials were attempted and failed.

Explain plugin 21745

Network Address Declaration (NAD) responsibility

ISSM

In the options drop-down on the page, select "Switch to Cumulative."

If you are looking at an individual set of scan results and you navigate to Analysis > Vulnerabilities, what must you do in order to see everything together as opposed to still seeing the individual scan result?

What is a Tenable Scan policy

In Tenable's Security Center (now part of Tenable.sc for clarity), a scan policy is a comprehensive set of configurations that dictate how vulnerability scans are conducted. It contains: Plugin Settings: Defines which plugins are enabled or disabled for a scan. Plugins are scripts that check for specific types of vulnerabilities. Advanced Directives: These are configurations that fine-tune the scanning process, adjusting it for specific requirements or environments. When an administrator creates a scan policy in Tenable Security Center, they're essentially setting up the rules and conditions under which a scan will operate. This includes the depth of the scan, the types of vulnerabilities to look for, and how aggressively the scan should attempt to identify potential security issues. T

Security Manager Role Capabilities

Launches scans, configures users, policies, and objects for their organization

What is Nessus agent used for?

Nessus Agents provide vulnerability scan data from systems that may not be accessible with traditional network-based methods because they are not on the campus network during traditional network scan windows. Agents are considerably more secure and easier to manage than using credentialed scanning.

What does Nessus detect?

Nessus identifies software flaws, missing patches, malware, denial-of-service vulnerabilities, default passwords and misconfiguration errors, among other potential flaws.

ACAS configuration tasks

Performed by Administrator role

ACAS metrics

Pulled from 'Scans > Scan Results' in ACAS Menu Tab

What is a repository?

Repositories are databases within Tenable Security Center that contain vulnerability data. You can share repositories with users and organizations based on admin-defined assets. Repositories provide scalable and configurable data storage. Optionally, you can share repository data between multiple Tenable Security Centers.

Match the appropriate definition with the building block. Drag the definition and drop it beside the term that it describes. Roles Groups Users

Roles: Define what a user can do (such as having full, limited, or no scanning permissions).
Groups: Combine access rights to objects within an organization for quick assignment to one or more users.
Users: Are individual Tenable.sc accounts.

What are scan policies?

Scan policies contain plugin settings and advanced directives for active scans. When an administrator user creates a scan policy, the policy is available to all organizations. When an organizational user creates a scan policy, the scan policy is available only to their organization. Users with the appropriate permissions can use scan policies in an active scan, modify policy options, and more.

ACAS architecture process step

Scan results are sent back to Tenable.sc

Scan zone

Scan zones are areas of your network that you want to target in an active scan. A scan zone associates an IP address or range of IP addresses with one or more scanners. You must create scan zones in order to run active scans in Tenable Security Center.

Scan Zones

Scan zones are areas of your network that you want to target in an active scan, associating an IP address or range of IP addresses with one or more scanners in your deployment. You must create scan zones in order to run active scans in Tenable Security Center.

What are the different ACAS Products in the environment

See the table Tenable.sc for the user interface

JFHQ-DODIN Order

TASKORD 20-0020

JFHQ-DODIN TASKORD for ACAS deployment

TASKORD 20-0020

Tenable Nessus Agents are?

Tenable Nessus Agents collect vulnerability, compliance, and system data, and report that information back to a manager for analysis. With Tenable Nessus Agents, you extend scan flexibility and coverage. You can scan hosts and endpoints that intermittently connect to the internet without using credentials.

Is Tenable a vulnerability scanner?

Tenable Vulnerability Management Web App Scanning (WAS)*: Comprehensive vulnerability scanning for modern web applications. Its accurate vulnerability coverage minimizes false positives and negatives, ensuring your security team understands true security risks in your web applications.

Audit Files

The Tenable Nessus vulnerability scanner allows you to perform compliance audits of numerous platforms including (but not limited to) databases, Cisco, Unix, and Windows configurations as well as sensitive data discovery based on regex contained in audit files. Audit files are XML-based text files that contain the specific configuration, file permission, and access control tests to be performed.

Repository

This object in SecurityCenter is controlled by an IP list that decides what vulnerability data can be stored within it.

Scan Zones

This object within SecurityCenter has scanners assigned to it, and the end users select it when they are deciding what scanners to scan with. Can have one or more associated scanners.

19506

This plugin tells you information about your scan itself.

According to the ACAS Best Practices Guide/ACAS TASKORD, both Discovery and Vulnerability Scans are to be credentialed. True False

True

Describe overlapping Scan Zones

Two or more scan zones are redundant if they target the same area of your network. If Tenable Security Center executes a scan with redundant scan zones, it first attempts the scan using the narrowest, most specific scan zone. In this example, the red numbers represent specific IP addresses on your network. The grey circles represent the network coverage of individual scan zones.

These are the updates that SecurityCenter receives from Tenable, and thus any managed scanners receive the updates from SecurityCenter.

What is the significance of a "plugin feed?"

The Nessus interface port, 8834 by default.

When SecurityCenter is pointed at a scanner, it must be able to access what port?

What is a remote repository?

When adding an external repository, you access a local repository from another Tenable Security Center:
- Remote repositories allow you to share repository data from one Tenable Security Center deployment to your primary Tenable Security Center deployment via an SSH session.
- Offline repositories allow you to share repository data from one Tenable Security Center deployment to your primary Tenable Security Center deployment via manual export and import (a .tar.gz archive file). You can combine data from several repository files into a single offline repository by importing multiple files to the offline repository.

What is special about adding local repositories?

When adding local repositories, you designate storage within Tenable Security Center for different types of vulnerability data. Scanners attached to a Tenable Security Center populate your local repositories with vulnerability data.

When a login was not even attempted, thus no credentials were even used for it to have failed.

When would you see plugin 19506 with a line that says "Credentialed Checks: No" but you would NOT see plugin 21745?

What type of scan is Tenable?

You can perform two types of scans using Tenable products: discovery scans and assessment scans. Tenable recommends performing discovery scans to get an accurate picture of the assets on your network and assessment scans to understand the vulnerabilities on your assets.

A vulnerability will be marked as mitigated in the Tenable.sc repository if a subsequent scan determines that the vulnerability is no longer present on the endpoint. Select the correct answer. a. True b. False

a

According to the Best Practices Guide, which Plugin is a good starting point when working issues with scanning an endpoint or unexpected results. Select the best answer. a. 19506 b. 21745 c. 30300 d. 45678

a

How many import repositories can you select for a single scan? Select the best answer to the question. a. Only one b. A maximum of three c. You can select all your available repositories d. As many as you like, if none of them are agent repositories

a

It has been 20 days since your last configuration (STIG) scan. Per FRAGO 2 of the Task Order 20-0020, which of the following statements reflects your current compliance status? Select the best answer. In compliance because configuration scans are only required every 30 days. In compliance because vulnerability scans are only required every 21 days. Out of compliance because configuration scans are required every 14 days. Out of compliance because vulnerability scans are required every single day.

a

Nessus Agents are lightweight Nessus scanners installed on the endpoint, according to the ACAS Agent Rapid Deployment Guide. Select the best answer. a. True b. False

a

To get the most accurate results on the security posture of a system, which of the following actions should be done prior to scanning? a. Update the plugins b. Patch the scanner c. Reboot the target host d. Log all users out of the system.

a

Today is Thursday, and you are getting ready to run your weekly vulnerability scans. Your plugins were updated on Monday. Select the correct answer based on your status. a. In compliance because active plugins must be updated within 7 days before TASKORD-mandated scans. b. In compliance because active plugins must be updated within 14 days before TASKORD-mandated scans. c. Out of compliance because active plugins must be updated within 72 hours before TASKORD-mandated scans. d. Out of compliance because active plugins must be updated within 24 hours before TASKORD-mandated scans.

a

Which User role has the permission to create scan zones, repositories, and organizations? Select the best answer. a. Administrator b. Security Manager c. Executive d. All of the above

a

When you create dynamic asset list(s), which of the following occurs? Select the best answer. a. Tenable.sc runs a scan to find assets that match the dynamic asset list's rules. b. Tenable.sc queries the repository(ies) to find assets that match the dynamic asset list's rules. c. Tanium runs a query to find the answer.

a Dynamic assets are flexible groups of condition statements that Tenable Security Center uses to retrieve a list of devices meeting the conditions. Tenable Security Center refreshes dynamic asset lists using the results from Tenable Security Center scans. You cannot use dynamic assets until after Tenable Security Center performs an initial discovery scan and retrieves a list of devices.

Per the Best Practices Guide, which of the following statements are true? Select the correct answer(s). a. The TASKORD defines several target types on which Nessus Agents are required to be installed. b. Nessus Agents can be installed on additional endpoints above TASKORD requirement. c. Per the TASKORD, organizations' endpoints which leverage a Nessus Agent must also be scanned with the Nessus active scanner using ACAS Best Practice Guide Agent Differential scan policy. d. If you use Nessus Agents, then you don't need any other scanning tools for ACAS. e. All the above

a b c

Which of the following are valid Tenable.sc report types? Select all that apply. a. CSV b. HTML c. ARF d. PDF

a b d

Per the ACAS Best Practices Policy Deviations spreadsheet, which Port Scan Range value tells the scanner to scan all ports? Select the best answers to the question. a. 1-65535 b. Default c. All d. Common

a c

Per the Best Practices Guide, what could be some possible suggestions for reducing scan times. Select the best answers. a. Stagger scans to minimize running multiple scans simultaneously b. Add scanners to increase overall scan times c. Add scan zones to minimize the amount of the network that needs to be traversed between the scanner and target d. Group hosts that have consistent slow scan times, work with target system admins to identify the cause of performance issues e. Configure dashboards to evaluate more often

a c d

Per the Best Practices Guide, which of these statements is true. Select the correct answers. a. ACAS TASKORD 20-0020 FRAGO 3 clarifies that only DISA STIG Tenable Audit files are to be used for configuration scanning in ACAS. b. DISA SCAP-compliant, automated benchmarks are still acceptable for ingest into CMRS. c. Audit files are proprietary formatted XML files that define how ACAS should check for configuration with a specified benchmark. d. Tenable distributes audit files via the Tenable.sc Feed that is used to update Tenable.sc e. None of the above

a c d

Drag the matching description to the Scan Policy option from the list below. Sort elements a. Port Scan Range b. Enable Safe Checks c. Max Simultaneous Checks Per Host d. Max Simultaneous Checks Per Scan

a. Directs the scanner to target a specific range of ports. b. Ensures that potential harmful plugins are not exercised by the Scanner. c. Limits the maximum number of plugins a Nessus scanner will send to a single host at one time. d. Limits the maximum number of targets that a single Nessus scanner will scan at the same time.

Choose the Tenable.sc Severity Level that corresponds to the Configuration result. Tenable re-used severity levels for configuration results. a. Critical b. High c. Medium d. Info

a. Not used with configuration b. Failed configuration check c. Unable to Determine/Error d. Passed configuration check

Components of an Active Vulnerability Scan consist of a scan policy, schedule, credentials, scan zone, import repository, and __________. Select the best answer to complete the statement. a. User role b. Endpoints/Targets c. Assurance Report Cards d. Asset Lists

b

Nessus Agent and Manager use the same software. Select the correct answer. a. True b. False

b

Under the DoD ACAS contract, where would you acquire the software to install for a new ACAS deployment? Select the best answer. a. Tenable.com b. DISA Patch Repository c. Devforce d. Cyber.mil

b

Under the DoD ACAS contract, where would you acquire the software to install for a new ACAS deployment? Select the best answer. a. Tenable.com b. Patch Repository c. Devforce d. Cyber.mil

b

When adding a new Report in ACAS using a template, which option allows you to specify an Asset (List), IP Address, and/or Repository? Select the best answer. a. Add b. Focus c. Export d. Launch

b

Which of the custom DISA scan policies on the Patch Repository has most or all the plugin families enabled? Select the best answer. a. OS Discovery b. Vulnerability c. Configuration d. Differential

b

Which of the following Report Distribution options allows you to send report results to a user in a different organization? Select the best answer. a. Email Users b. Email Addresses c. Share d. Query

b

Which of these statements about the Nessus Network Monitor is accurate, according to the ACAS Best Practices Guide? Select the best answer. a. Nessus Network Monitor (NNM) data has the same fidelity as that of credentialed Nessus scan data. b. NNM data is similar to Nessus remote checks, as the findings are based on protocol analysis and are reliably accurate, while others are based on application banners and is not accurate in many cases. c. Both are correct

b

Clicking the Pushpin icon next to a Dashboard name on the Manage Dashboards page will do which of the following? Select the best answer. a. Share the dashboard with other Tenable.sc users in other organizations b. Hide the dashboard from other users in your group c. Make the dashboard available/unavailable in the Switch Dashboards menu e. Make the dashboard inactive so it stops updating.

c

Frequently used _____________ can be saved as _____________ for use in analysis, dashboards, reports, tickets, and alerts. Select the best answer to complete the statement. a. plugins, tickets b. scans, policies c. filters, queries d. filters, alerts

c

It has been 8 days since your last full, credentialed vulnerability scan. What is your current compliance status? Select the best statement that reflects your compliance status. a. In compliance because vulnerability scans are only required every 30 days b. In compliance because vulnerability scans are only required every 14 days c. Out of compliance because vulnerability scans are required every 7 days. d. Out of compliance because vulnerability scans required daily.

c

Networks using Dynamic Host Configuration Protocol (DHCP) require that this active scan setting be enabled to properly track hosts. Select the best answer for the statement. a. Rollover Option b. Enable Safe Checks c. Track hosts which have been issued new IP addresses d. Remove vulnerabilities from scanned hosts that have been inactive for (X days)

c

Select the best answer. a. Active Scan View b. Vulnerability Summary c. IP Summary d. Remediation Summary

c

The organization should provision Nessus scanners and Scan Zones to ensure the organization can scan all their hosts during a CCRI visit. Per the Best Practices Guide, this currently lasts how long? Select the best answer. a. 12-24 hours b. 12-36 hours c. 48-72 hours d. 60 hours

c

Today is Friday, and you are getting ready to run your weekly vulnerability scans. Your last discovery scan was performed on Monday. Select the best statement that describes your compliance status. a. In compliance because vulnerability scans are to be initiated no less than 14 days after the discovery scan/operation is "Completed" b. In compliance because active plugins must be updated no less than 7 days after the discovery scan/operation is "Completed" c. Out of compliance because vulnerability scans are to be initiated not later than (NLT) 72 hours after the discovery scan/operation is "Completed" d. Out of compliance because vulnerability scans are to be initiated no less than 24 hours after the discovery scan/operation is "Completed"

c

You have been tasked with installing your ACAS components. Which statement is correct? a. You should install Tenable.sc on a Windows 10 platform because that is what is approved by DISA b. You may install Tenable.sc on a Windows 7 machine because that is what you have available c. You should install Tenable.sc on a Red Hat Linux platform because that is what is approved by DISA d. You may install Tenable.sc on any platform you want because it is a COTS product.

c

You need to make a change to a setting in the BPG Vulnerability Scan Policy Template, such as the anti-virus definition period setting. Which of the following is a true statement? a. Submit a copy of the modified template to JFHQ-DODIN for approval b. Make the changes as needed, there are no other requirements. c. Ensure the change is documented and approved by your AO, ISSM, or local authority. d. Don't make any changes, changing the BPG-provided scan is not allowed per CCRI audit guidelines.

c

_________ are administrative level usernames and passwords (or SSH key pairs) used in authenticated scans? Select the best answer to complete the statement. a. Audit files b. Scan policies c. Credentials d. Asset lists

c

Per Task Order/FRAGO, which of the following statements is true? Select the best answer. a. Deploy at least one NNM for discovery scanning of IPv6 hosts. b. Deploy NNM to VPN entry points to enable passive monitoring of VPN terrain and discovery of endpoints connecting via VPN. c. Deploy at least one NNM internal to the AO, on each circuit that connects AO Unclassified and Classified networks. d. All of the above

d

Per the TASKORD the organization will conduct discovery scans of the site's assigned IP space (active and inactive IP addresses and ranges) at least once every how many days? Select the best answer (per the Best Practices Guide). a. 7 b. 14 c. 21 d. 30

d

You have your repositories set to save active scan results for 30 days. Which of the following statements are true? Select the best answer. a. This is not sufficient, because you must store scan results for the default retention period of 365 days. b. This is not sufficient, because you must store a minimum of 90-days of scan data in Tenable.sc. c. 30 days of scan results is sufficient. d. 30 days of scan data in Tenable.sc is sufficient if you have additional data stored somewhere else for a total of at least 90 days.

d

What vulnerabilities are stored in Tenable.sc's Cumulative Repository? Select the best answer. a. Newly mitigated vulnerabilities b. Vulnerabilities discovered from the most recent scan c. Vulnerabilities discovered from the current day's scan d. Current vulnerabilities, including those that have been recast, accepted, or mitigated and found vulnerable on rescan

d Cumulative Vulnerabilities The cumulative database contains currently vulnerable vulnerabilities, including recast, accepted, or previously mitigated vulnerabilities. Mitigated Vulnerabilities The mitigated database contains vulnerabilities that Tenable Security Center determines are not vulnerable, based on the scan definition, the results of the scan, the current state of the cumulative view, and authentication information.

Per the ACAS Best Practices Guide, which of the following Tenable.sc resources are proprietary formatted XML files that define how ACAS should check for configuration with a specified STIG? Select the best answer: a. Credentials b. Queries c. Policies d. Audit Files

d The Tenable Nessus vulnerability scanner allows you to perform compliance audits of numerous platforms including (but not limited to) databases, Cisco, Unix, and Windows configurations as well as sensitive data discovery based on regex contained in audit files. Audit files are XML-based text files that contain the specific configuration, file permission, and access control tests to be performed. Log in to Tenable Security Center via the user interface. Click Scans > Audit Files. The Audit Files page appears.

What are the different menu options on the Tenable.sc dashboard

see picture

