ACAS Assured Compliance Assessment
Solution Exam Study Guide | Complete
and Graded A+ | 2024/2025 Guide
What is a system designed to provide awareness of the security posture
and network health of DoD networks?
A) ACAS
B) Repository
C) Scan Zone
D) CMRS - Correct Answer - A) ACAS
What are some limitations of ACAS? - Correct Answer - >>Number of
Accounts impact server performance >>Can not apply patches
>>Can only scan internal to the base firewall
>>Nessus scanners require base technicians to troubleshoot
Scan Policies: - Correct Answer - >>The scan policy contains plugin
settings and advanced directives used during the course of the Nessus
scan
>>Policies can be created or imported
>>Audit files and credentials from the original policy are not exported and
copied with the policy file
Discovery Scan - Correct Answer - __Pings host using
TCP - Transmission Control Protocol
,ARP - Address Resolution Protocol
ICMP - Internet Control Message Protocol
__Identifies network assets
VoIP phones
Workstations
Servers
Infrastructure devices ( Routers/Switches )
Printers
Virtual Machines
Vulnerability Scan - Correct Answer - **REQUIRES CREDENTIALS WITH
ROOT ACCESS
>>Uses thousands of plugins
>>Identifies missing patches and Internal misconfigurations
Microsoft KB articles
Java
Adobe (Flash, Reader, Shockwave)
Antivirus more than 6 days old (current DISA standard)
Default passwords
Open ports and protocols
Audit Scan - Correct Answer - **Requires credentials that have root
access to the targeted systems
>>Uses a benchmark, usually from the STIG website
>>Check Security Technical Implementation Guide (STIG) compliance
>>Is not approved or recommended at this time for STIG scanning
To create a new Discovery scan policy - Correct Answer - >>you will need
the "Acceptable Deviations" Excel file posted in the DoD Patch Repository
https://patches.csd.disa.mil/
>>Using the Best Practices Excel sheet. Select Advanced Scan and follow
the Excel sheet that dictates the acceptable parameters
Asset lists are - Correct Answer - >>used to break up your infrastructure
into manageable groups, for a number of different purposes
>>dynamically or statically generated lists of hosts or devices that are
connected to your network
Asset lists impact all areas of SecurityCenter - Correct Answer -
>>Analysis and Queries
>>Dashboard Components
>>Scanning
>>Reporting
>>Groups
Analysis and Queries in Asset Lists - - Correct Answer - you can use asset
lists when filtering scan data and saving queries
Dashboard Components in Asset Lists - - Correct Answer - you can use
asset lists when creating custom dashboard components
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller NurseMeg. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $9.99. You're not tied to anything after your purchase.
