1 |Page
ACAS BEST PRACTICE KNOWLEDGE
EXAM 2 2026 WITH QUESTIONS AND
ANSWERS
Today is Thursday, and you are getting ready to run your weekly
vulnerability scans. Your plugins were updated on Monday.
Select the correct answer based on your status.
a. In compliance because active plugins must be updated within 7 days
before TASKORD-mandated scans.
b. In compliance because active plugins must be updated within 14 days
before TASKORD-mandated scans.
c. Out of compliance because active plugins must be updated within 72
hours before TASKORD-mandated scans.
d. Out of compliance because active plugins must be updated within 24
hours before TASKORD-mandated scans. - correct answer-a
According to the ACAS contract, what are the allowable options for
scanning stand-alone networks?
Select the best answers from the ACAS Standalone Guide.
a. Install both Nessus and Tenable.sc on a Linux system using Kickstart.
, 2 |Page
b. Install both Nessus and Tenable.sc on a 64-bit Windows operating
system with a virtualization application.
c. Install Nessus as its own standalone system.
d. There are no approved standalone options. DISA mandates that you
must install all components on a Linux system, and nothing else. - correct
answer-a b c
Components of an Active Vulnerability Scan consist of a scan policy,
schedule, credentials, scan zone, import repository, and __________.
Select the best answer to complete the statement.
a. User role
b. Endpoints/Targets
c. Assurance Report Cards
d. Asset Lists - correct answer-b
_________ are administrative level usernames and passwords (or SSH key
pairs) used in authenticated scans?
Select the best answer to complete the statement.
a. Audit files
b. Scan policies
c. Credentials
ACAS BEST PRACTICE KNOWLEDGE
EXAM 2 2026 WITH QUESTIONS AND
ANSWERS
Today is Thursday, and you are getting ready to run your weekly
vulnerability scans. Your plugins were updated on Monday.
Select the correct answer based on your status.
a. In compliance because active plugins must be updated within 7 days
before TASKORD-mandated scans.
b. In compliance because active plugins must be updated within 14 days
before TASKORD-mandated scans.
c. Out of compliance because active plugins must be updated within 72
hours before TASKORD-mandated scans.
d. Out of compliance because active plugins must be updated within 24
hours before TASKORD-mandated scans. - correct answer-a
According to the ACAS contract, what are the allowable options for
scanning stand-alone networks?
Select the best answers from the ACAS Standalone Guide.
a. Install both Nessus and Tenable.sc on a Linux system using Kickstart.
, 2 |Page
b. Install both Nessus and Tenable.sc on a 64-bit Windows operating
system with a virtualization application.
c. Install Nessus as its own standalone system.
d. There are no approved standalone options. DISA mandates that you
must install all components on a Linux system, and nothing else. - correct
answer-a b c
Components of an Active Vulnerability Scan consist of a scan policy,
schedule, credentials, scan zone, import repository, and __________.
Select the best answer to complete the statement.
a. User role
b. Endpoints/Targets
c. Assurance Report Cards
d. Asset Lists - correct answer-b
_________ are administrative level usernames and passwords (or SSH key
pairs) used in authenticated scans?
Select the best answer to complete the statement.
a. Audit files
b. Scan policies
c. Credentials
