A vulnerability will be marked as mitigated in the Tenable.sc repository if a subsequent scan
determines that the vulnerability is no longer present on the endpoint.
Select the correct answer.
a. True
b. False - ANSWER a
Select the best answer.
a. Active Scan View
b. Vulnerability Summary
c. IP Summary
d. Remediation Summary - ANSWER c
Nessus Agents are lightweight Nessus scanners installed on the endpoint, according to the
ACAS Agent Rapid Deployment Guide.
Select the best answer.
a. True
b. False - ANSWER a
Per the Best Practices Guide, which of the following statements are true?
1
,Select the correct answer(s).
a. The TASKORD defines several target types on which Nessus Agents are required to be in-
stalled.
b. Nessus Agents can be installed on addition endpoints above TASKORD requirement.
c. Per the TASKORD organizations endpoints which leverage a Nessus Agents must also be
scanned with the Nessus active scanner using ACAS Best Practice Guide Agent Differential
scan policy.
d. If you use Nessus Agents, then you don't need any other scanning tools for ACAS.
e. All the above - ANSWER abc
Nessus Agent and Manager use the same software.
Select the correct answer.
a. True
b. False - ANSWER b
Per the Best Practices Guide, which of these statements is true.
Select the correct answers.
a. ACAS TASKORD 20-0020 FRAGO 3 clarifies that only DISA STIG Tenable Audit files are to be
used for configuration scanning in ACAS.
b. DISA SCAP-compliant, automated benchmarks are still acceptable for ingest into CMRS.
c. Audit files are proprietary formatted XML files that define how ACAS should check for con-
figuration with a specified benchmark.
d. Tenable distributes audit files via the the Tenable.sc Feed that is used to update Tenable.sc
e. None of the above - ANSWER acd
2
,It has been 20 days since your last configuration (STIG) scan. Per FRAGO 2 of the Task Order
20-0020, which of the following statements reflects your current compliance status?
Select the best answer.
In compliance because configuration scans are only required every 30 days.
In compliance because vulnerability scans are only required every 21 days.
Out of compliance because configuration scans are required every 14 days.
Out of compliance because vulnerability scans are required every single day. - ANSWER a
Choose the Tenable.sc Severity Level that corresponds to the Configuration result.
Tenable re-used severity levels for configuration results.
a. Critical
b. High
c. Medium
d. Info - ANSWER a. Not used with configuration
b. Failed configuration check
c. Unable to Determine/Error
d. Passed configuration check
Per the ACAS Best Practices Guide, which of the following Tenable.sc resources are proprie-
tary formatted XML files that define how ACAS should check for configuration with a speci-
fied STIG?
Select the best answer:
3
, a. Credentials
b. Queries
c. Policies
d. Audit Files - ANSWER d
The Tenable Nessus vulnerability scanner allows you to perform compliance audits of nu-
merous platforms including (but not limited to) databases, Cisco, Unix, and Windows config-
urations as well as sensitive data discovery based on regex contained in audit files.
Audit files are XML-based text files that contain the specific configuration, file permission,
and access control tests to be performed.
Log in to Tenable Security Center via the user interface.
Click Scans > Audit Files.
The Audit Files page appears.
Scan zone - ANSWER Scan zones are areas of your network that you want to target in an
active scan
Associates an IP address or range of IP addresses with one or more scanners
You must create scan zones in order to run active scans in Tenable Security Center.
CVSS vs. VPR - ANSWER CVSS is the overall score assigned to a vulnerability. CVE is simply
a list of all publicly disclosed vulnerabilities that includes the CVE ID, a description, dates,
and comments. The CVSS score is not reported in the CVE listing - you must use the NVD to
find assigned CVSS scores.
Tenable calculates a dynamic VPR for most vulnerabilities. The VPR is a dynamic companion
to the data provided by the vulnerability's CVSS score, since Tenable updates the VPR to re-
flect the current threat landscape. VPR values range from 0.1-10.0, with a higher value rep-
resenting a higher likelihood of exploit.
4
determines that the vulnerability is no longer present on the endpoint.
Select the correct answer.
a. True
b. False - ANSWER a
Select the best answer.
a. Active Scan View
b. Vulnerability Summary
c. IP Summary
d. Remediation Summary - ANSWER c
Nessus Agents are lightweight Nessus scanners installed on the endpoint, according to the
ACAS Agent Rapid Deployment Guide.
Select the best answer.
a. True
b. False - ANSWER a
Per the Best Practices Guide, which of the following statements are true?
1
,Select the correct answer(s).
a. The TASKORD defines several target types on which Nessus Agents are required to be in-
stalled.
b. Nessus Agents can be installed on addition endpoints above TASKORD requirement.
c. Per the TASKORD organizations endpoints which leverage a Nessus Agents must also be
scanned with the Nessus active scanner using ACAS Best Practice Guide Agent Differential
scan policy.
d. If you use Nessus Agents, then you don't need any other scanning tools for ACAS.
e. All the above - ANSWER abc
Nessus Agent and Manager use the same software.
Select the correct answer.
a. True
b. False - ANSWER b
Per the Best Practices Guide, which of these statements is true.
Select the correct answers.
a. ACAS TASKORD 20-0020 FRAGO 3 clarifies that only DISA STIG Tenable Audit files are to be
used for configuration scanning in ACAS.
b. DISA SCAP-compliant, automated benchmarks are still acceptable for ingest into CMRS.
c. Audit files are proprietary formatted XML files that define how ACAS should check for con-
figuration with a specified benchmark.
d. Tenable distributes audit files via the the Tenable.sc Feed that is used to update Tenable.sc
e. None of the above - ANSWER acd
2
,It has been 20 days since your last configuration (STIG) scan. Per FRAGO 2 of the Task Order
20-0020, which of the following statements reflects your current compliance status?
Select the best answer.
In compliance because configuration scans are only required every 30 days.
In compliance because vulnerability scans are only required every 21 days.
Out of compliance because configuration scans are required every 14 days.
Out of compliance because vulnerability scans are required every single day. - ANSWER a
Choose the Tenable.sc Severity Level that corresponds to the Configuration result.
Tenable re-used severity levels for configuration results.
a. Critical
b. High
c. Medium
d. Info - ANSWER a. Not used with configuration
b. Failed configuration check
c. Unable to Determine/Error
d. Passed configuration check
Per the ACAS Best Practices Guide, which of the following Tenable.sc resources are proprie-
tary formatted XML files that define how ACAS should check for configuration with a speci-
fied STIG?
Select the best answer:
3
, a. Credentials
b. Queries
c. Policies
d. Audit Files - ANSWER d
The Tenable Nessus vulnerability scanner allows you to perform compliance audits of nu-
merous platforms including (but not limited to) databases, Cisco, Unix, and Windows config-
urations as well as sensitive data discovery based on regex contained in audit files.
Audit files are XML-based text files that contain the specific configuration, file permission,
and access control tests to be performed.
Log in to Tenable Security Center via the user interface.
Click Scans > Audit Files.
The Audit Files page appears.
Scan zone - ANSWER Scan zones are areas of your network that you want to target in an
active scan
Associates an IP address or range of IP addresses with one or more scanners
You must create scan zones in order to run active scans in Tenable Security Center.
CVSS vs. VPR - ANSWER CVSS is the overall score assigned to a vulnerability. CVE is simply
a list of all publicly disclosed vulnerabilities that includes the CVE ID, a description, dates,
and comments. The CVSS score is not reported in the CVE listing - you must use the NVD to
find assigned CVSS scores.
Tenable calculates a dynamic VPR for most vulnerabilities. The VPR is a dynamic companion
to the data provided by the vulnerability's CVSS score, since Tenable updates the VPR to re-
flect the current threat landscape. VPR values range from 0.1-10.0, with a higher value rep-
resenting a higher likelihood of exploit.
4
