1
ACAS Best Practice Knowledge Exam 1-6
Complete Solutions 2026/2027
DOMAIN 1: ACAS FUNDAMENTALS & COMPONENT ARCHITECTURE (15 Questions)
Question 1 (Multiple-Choice)
What is the primary purpose of the Assured Compliance Assessment Solution (ACAS)?
A) To provide real-time network intrusion detection and prevention for DoD networks
B) To serve as a network-based security compliance and assessment capability designed to
provide awareness of the security posture and network health of DoD networks
C) To replace all manual security assessment procedures with fully automated penetration
testing
D) To function exclusively as a configuration management database for DoD IT assets
Answer: B [CORRECT]
Rationale: ACAS is defined as a network-based security compliance and assessment capability
designed to provide awareness of the security posture and network health of DoD networks. It
integrates vulnerability assessment, configuration compliance auditing, and continuous
monitoring capabilities to support enterprise network security operations in accordance with
DISA standards and TASKORD directives.
Question 2 (Multiple-Choice)
Which of the following best describes the ACAS mission as it relates to DoD network
operations?
A) ACAS is designed exclusively for perimeter firewall configuration and management
B) ACAS provides vulnerability management and compliance assessment to identify known
system vulnerabilities and assess DoD enterprise networks against DoD standards
C) ACAS functions primarily as an antivirus and endpoint protection platform for classified
networks
D) ACAS serves only as a ticketing system for security incident response within DoD
organizations
, 2
Answer: B [CORRECT]
Rationale: The ACAS mission is to assess DoD enterprise networks and connected IT systems
against DoD standards, as well as identify any known system vulnerabilities. DISA selected
Tenable as the foundation of ACAS, cementing its standing as the leader in vulnerability
management in the U.S. Federal government.
Question 3 (Select-All-That-Apply)
Which of the following are core components of the ACAS suite? (Select all that apply)
A) Tenable.sc (SecurityCenter)
B) Nessus Scanner
C) Nessus Network Monitor (NNM) / Passive Vulnerability Scanner (PVS)
D) Nessus Agent
E) Splunk Enterprise Security
F) McAfee ePolicy Orchestrator
Answer: A, B, C, D [CORRECT]
Rationale: The four core components of the ACAS suite are: (1) Tenable.sc (SecurityCenter) - the
central console; (2) Nessus Scanner - performs active vulnerability and compliance scanning; (3)
Nessus Network Monitor (formerly PVS) - provides passive vulnerability detection via network
traffic sniffing; and (4) Nessus Agent - a lightweight endpoint program for agent-based scanning.
Splunk and McAfee are third-party products not part of the official ACAS suite.
Question 4 (Multiple-Choice)
What is the primary function of Tenable.sc (SecurityCenter) within the ACAS architecture?
A) It performs active vulnerability scanning of network endpoints
B) It serves as the central console providing continuous asset-based security and compliance
monitoring
C) It passively monitors network traffic for vulnerability indicators
D) It functions exclusively as a plugin update distribution server
Answer: B [CORRECT]
Rationale: Tenable.sc (SecurityCenter) serves as the central console that provides continuous
, 3
asset-based security and compliance monitoring. It aggregates scan results from Nessus
scanners and NNM, manages organizations, repositories, and scan zones, and provides
dashboards, reporting, and analysis capabilities for enterprise vulnerability management.
Question 5 (Multiple-Choice)
Which ACAS component is responsible for active vulnerability and compliance scanning,
including credentialed checks?
A) Nessus Network Monitor (NNM)
B) Tenable.sc (SecurityCenter)
C) Nessus Scanner
D) Nessus Agent
Answer: C [CORRECT]
Rationale: The Nessus Scanner is the active scanning component of ACAS. It performs both non-
credentialed (remote) and credentialed vulnerability and compliance scans. Credentialed scans
use administrative usernames/passwords or SSH key pairs to authenticate to target systems and
perform more thorough local checks that remote scans cannot achieve.
Question 6 (Multiple-Choice)
How does the Nessus Network Monitor (NNM) differ from the Nessus Scanner in terms of
operational methodology?
A) NNM performs active scanning while Nessus Scanner performs passive detection
B) NNM monitors data in motion via passive network traffic sniffing, while Nessus Scanner
monitors data at rest via active scanning
C) NNM requires credential authentication while Nessus Scanner does not
D) NNM is deployed only on Windows systems while Nessus Scanner supports all operating
systems
Answer: B [CORRECT]
Rationale: The fundamental distinction is that Nessus monitors data at rest through active
scanning (probing systems directly), while NNM/PVS monitors data in motion through passive
, 4
network traffic analysis (sniffing traffic without sending probes). This complementary approach
provides both targeted assessment and continuous monitoring capabilities.
Question 7 (Matching/Drag-and-Drop)
Match each ACAS component with its primary function:
Table
Component Function
1. Tenable.sc (SecurityCenter) A. Passive vulnerability detection via network traffic
sniffing
2. Nessus Scanner B. Central console for continuous asset-based security
monitoring
3. Nessus Network Monitor C. Lightweight endpoint program for distributed scanning
(NNM)
4. Nessus Agent D. Active vulnerability and compliance scanning
Answer: 1-B, 2-D, 3-A, 4-C [CORRECT]
Rationale: This matching demonstrates the core architecture of ACAS: SecurityCenter serves as
the management console, Nessus Scanner performs active assessments, NNM provides passive
continuous monitoring, and Nessus Agent enables distributed endpoint scanning. Each
component serves a distinct but complementary role in the overall vulnerability management
ecosystem.
Question 8 (True/False)
The ACAS Task Order 13-670 was the predecessor to the current TASKORD 20-0020, which
governs current ACAS implementation standards.
ACAS Best Practice Knowledge Exam 1-6
Complete Solutions 2026/2027
DOMAIN 1: ACAS FUNDAMENTALS & COMPONENT ARCHITECTURE (15 Questions)
Question 1 (Multiple-Choice)
What is the primary purpose of the Assured Compliance Assessment Solution (ACAS)?
A) To provide real-time network intrusion detection and prevention for DoD networks
B) To serve as a network-based security compliance and assessment capability designed to
provide awareness of the security posture and network health of DoD networks
C) To replace all manual security assessment procedures with fully automated penetration
testing
D) To function exclusively as a configuration management database for DoD IT assets
Answer: B [CORRECT]
Rationale: ACAS is defined as a network-based security compliance and assessment capability
designed to provide awareness of the security posture and network health of DoD networks. It
integrates vulnerability assessment, configuration compliance auditing, and continuous
monitoring capabilities to support enterprise network security operations in accordance with
DISA standards and TASKORD directives.
Question 2 (Multiple-Choice)
Which of the following best describes the ACAS mission as it relates to DoD network
operations?
A) ACAS is designed exclusively for perimeter firewall configuration and management
B) ACAS provides vulnerability management and compliance assessment to identify known
system vulnerabilities and assess DoD enterprise networks against DoD standards
C) ACAS functions primarily as an antivirus and endpoint protection platform for classified
networks
D) ACAS serves only as a ticketing system for security incident response within DoD
organizations
, 2
Answer: B [CORRECT]
Rationale: The ACAS mission is to assess DoD enterprise networks and connected IT systems
against DoD standards, as well as identify any known system vulnerabilities. DISA selected
Tenable as the foundation of ACAS, cementing its standing as the leader in vulnerability
management in the U.S. Federal government.
Question 3 (Select-All-That-Apply)
Which of the following are core components of the ACAS suite? (Select all that apply)
A) Tenable.sc (SecurityCenter)
B) Nessus Scanner
C) Nessus Network Monitor (NNM) / Passive Vulnerability Scanner (PVS)
D) Nessus Agent
E) Splunk Enterprise Security
F) McAfee ePolicy Orchestrator
Answer: A, B, C, D [CORRECT]
Rationale: The four core components of the ACAS suite are: (1) Tenable.sc (SecurityCenter) - the
central console; (2) Nessus Scanner - performs active vulnerability and compliance scanning; (3)
Nessus Network Monitor (formerly PVS) - provides passive vulnerability detection via network
traffic sniffing; and (4) Nessus Agent - a lightweight endpoint program for agent-based scanning.
Splunk and McAfee are third-party products not part of the official ACAS suite.
Question 4 (Multiple-Choice)
What is the primary function of Tenable.sc (SecurityCenter) within the ACAS architecture?
A) It performs active vulnerability scanning of network endpoints
B) It serves as the central console providing continuous asset-based security and compliance
monitoring
C) It passively monitors network traffic for vulnerability indicators
D) It functions exclusively as a plugin update distribution server
Answer: B [CORRECT]
Rationale: Tenable.sc (SecurityCenter) serves as the central console that provides continuous
, 3
asset-based security and compliance monitoring. It aggregates scan results from Nessus
scanners and NNM, manages organizations, repositories, and scan zones, and provides
dashboards, reporting, and analysis capabilities for enterprise vulnerability management.
Question 5 (Multiple-Choice)
Which ACAS component is responsible for active vulnerability and compliance scanning,
including credentialed checks?
A) Nessus Network Monitor (NNM)
B) Tenable.sc (SecurityCenter)
C) Nessus Scanner
D) Nessus Agent
Answer: C [CORRECT]
Rationale: The Nessus Scanner is the active scanning component of ACAS. It performs both non-
credentialed (remote) and credentialed vulnerability and compliance scans. Credentialed scans
use administrative usernames/passwords or SSH key pairs to authenticate to target systems and
perform more thorough local checks that remote scans cannot achieve.
Question 6 (Multiple-Choice)
How does the Nessus Network Monitor (NNM) differ from the Nessus Scanner in terms of
operational methodology?
A) NNM performs active scanning while Nessus Scanner performs passive detection
B) NNM monitors data in motion via passive network traffic sniffing, while Nessus Scanner
monitors data at rest via active scanning
C) NNM requires credential authentication while Nessus Scanner does not
D) NNM is deployed only on Windows systems while Nessus Scanner supports all operating
systems
Answer: B [CORRECT]
Rationale: The fundamental distinction is that Nessus monitors data at rest through active
scanning (probing systems directly), while NNM/PVS monitors data in motion through passive
, 4
network traffic analysis (sniffing traffic without sending probes). This complementary approach
provides both targeted assessment and continuous monitoring capabilities.
Question 7 (Matching/Drag-and-Drop)
Match each ACAS component with its primary function:
Table
Component Function
1. Tenable.sc (SecurityCenter) A. Passive vulnerability detection via network traffic
sniffing
2. Nessus Scanner B. Central console for continuous asset-based security
monitoring
3. Nessus Network Monitor C. Lightweight endpoint program for distributed scanning
(NNM)
4. Nessus Agent D. Active vulnerability and compliance scanning
Answer: 1-B, 2-D, 3-A, 4-C [CORRECT]
Rationale: This matching demonstrates the core architecture of ACAS: SecurityCenter serves as
the management console, Nessus Scanner performs active assessments, NNM provides passive
continuous monitoring, and Nessus Agent enables distributed endpoint scanning. Each
component serves a distinct but complementary role in the overall vulnerability management
ecosystem.
Question 8 (True/False)
The ACAS Task Order 13-670 was the predecessor to the current TASKORD 20-0020, which
governs current ACAS implementation standards.
