ACAS EXAM BEST PRACTICE KNOWLEDGE (BPG) (ACTUAL
2026-2027) EXAM 1, 2, 3, 4, 5 & 6 QUESTIONS AND 100%
VERIFIED ANSWERS
c - --answers----_________ are administrative level
usernames and passwords (or SSH key pairs) used in
authenticated scans?
Select the best answer to complete the statement.
a. Audit files
b. Scan policies
c. Credentials
d. Asset lists
c - --answers----Networks using Dynamic Host Configuration
Protocol (DHCP) require that this active scan setting be
enabled to properly track hosts.
Select the best answer for the statement.
a. Rollover Option
b. Enable Safe Checks
c. Track hosts which have been issued new IP addresses
,d. Remove vulnerabilities from scanned hosts that have been
inactive for (X days)
a - --answers----How many import repositories can you
select for a single scan?
Select the best answer to the question.
a. Only one
b. A maximum of three
c. You can select all your available repositories
d. As many as you like, if none of them are agent repositories
a c - --answers----Per the ACAS Best Practices Policy
Deviations spreadsheet, which Port Scan Range value tells the
scanner to scan all ports?
Select the best answers to the question.
a. 1-65535
b. Default
c. All
d. Common
a. Directs the scanner to target a specific range of ports.
b. Ensures that potential harmful plugins are not exercised by
the Scanner.
,c. Limits the maximum number of plugins a Nessus scanner
will send to a single host at one time.
d. Limits the maximum number of targets that a single Nessus
scanner will scan at the same time.
- --answers----Drag the matching description to the Scan
Policy option from the list below.
Sort elements
a. Port Scan Range
b. Enable Safe Checks
c. Max Simultaneous Checks Per Host
d. Max Simultaneous Checks Per Scan
c - --answers----You need to make a change to a setting in
the BPG Vulnerability Scan Policy Template, such as the anti-
virus definition period setting.
Which of the following is a true statement?
a. Submit a copy of the modified template to JFHQ-DODIN for
approval
b. Make the changes as needed, there are no other
requirements.
c. Ensure the change is documented and approved by you AO,
ISSM, or local authority.
, d. Don't make any changes, changing the BPG-provided scan is
not allowed per CCRI audit guidelines.
a - --answers----To get the most accurate results on the
security posture of a system, which of the following actions
should be done prior to scanning?
a. Update the plugins
b. Patch the scanner
c. Reboot the target host
d. Log all users out of the system.
True - --answers----According to the ACAS Best Practices
Guide/ACAS TASKORD, both Discovery and Vulnerability Scans
are to be credentialed.
True
False
d - --answers----Per the TASKORD the organization will
conduct discovery scans of the site's assigned IP space (active
and inactive IP addresses and ranges) at least once every how
many days?
Select the best answer (per the Best Practices Guide).
a. 7
2026-2027) EXAM 1, 2, 3, 4, 5 & 6 QUESTIONS AND 100%
VERIFIED ANSWERS
c - --answers----_________ are administrative level
usernames and passwords (or SSH key pairs) used in
authenticated scans?
Select the best answer to complete the statement.
a. Audit files
b. Scan policies
c. Credentials
d. Asset lists
c - --answers----Networks using Dynamic Host Configuration
Protocol (DHCP) require that this active scan setting be
enabled to properly track hosts.
Select the best answer for the statement.
a. Rollover Option
b. Enable Safe Checks
c. Track hosts which have been issued new IP addresses
,d. Remove vulnerabilities from scanned hosts that have been
inactive for (X days)
a - --answers----How many import repositories can you
select for a single scan?
Select the best answer to the question.
a. Only one
b. A maximum of three
c. You can select all your available repositories
d. As many as you like, if none of them are agent repositories
a c - --answers----Per the ACAS Best Practices Policy
Deviations spreadsheet, which Port Scan Range value tells the
scanner to scan all ports?
Select the best answers to the question.
a. 1-65535
b. Default
c. All
d. Common
a. Directs the scanner to target a specific range of ports.
b. Ensures that potential harmful plugins are not exercised by
the Scanner.
,c. Limits the maximum number of plugins a Nessus scanner
will send to a single host at one time.
d. Limits the maximum number of targets that a single Nessus
scanner will scan at the same time.
- --answers----Drag the matching description to the Scan
Policy option from the list below.
Sort elements
a. Port Scan Range
b. Enable Safe Checks
c. Max Simultaneous Checks Per Host
d. Max Simultaneous Checks Per Scan
c - --answers----You need to make a change to a setting in
the BPG Vulnerability Scan Policy Template, such as the anti-
virus definition period setting.
Which of the following is a true statement?
a. Submit a copy of the modified template to JFHQ-DODIN for
approval
b. Make the changes as needed, there are no other
requirements.
c. Ensure the change is documented and approved by you AO,
ISSM, or local authority.
, d. Don't make any changes, changing the BPG-provided scan is
not allowed per CCRI audit guidelines.
a - --answers----To get the most accurate results on the
security posture of a system, which of the following actions
should be done prior to scanning?
a. Update the plugins
b. Patch the scanner
c. Reboot the target host
d. Log all users out of the system.
True - --answers----According to the ACAS Best Practices
Guide/ACAS TASKORD, both Discovery and Vulnerability Scans
are to be credentialed.
True
False
d - --answers----Per the TASKORD the organization will
conduct discovery scans of the site's assigned IP space (active
and inactive IP addresses and ranges) at least once every how
many days?
Select the best answer (per the Best Practices Guide).
a. 7
