IT Specialist (INFOSEC), GS-2210-12/13


Vacancy ID: 844889   Announcement Number: MG-2013-T0130-MJH-844889DE   USAJOBS Control Number: 338063100

Occupational/Assessment Questions:

THE RESUME YOU SUBMIT FOR THIS ANNOUNCEMENT MUST SUPPORT THE ANSWER YOU CLAIM UNDER THIS AND OTHER QUESTIONS. IF NOT, YOU WILL BE FOUND NOT QUALIFIED OR YOUR SCORE WILL BE LOWERED.

1. Please select the response that best reflects your qualifications for the IT Specialist (InfoSec), GS-2210-12 position.

A. I have at least one full year of specialized experience. Specialized experience is described as: Accomplishment of IT security assignments that required sound knowledge of vulnerability and security control assessment tools, security control assessment techniques, and vulnerability analysis over a wide range of systems to determine compliance with IT security requirements and to recommend improvements to information security programs, policies, and procedures. This level of work experience should reflect independence in planning and carrying out the assignment, selecting the approach or methodology to be used, and coordinating the work with others as necessary. AND
Knowledge of: a. DITSCAP: DoD Information Technology Security Certification and Accreditation Process and b. NIACAP: National Information Assurance and Certification and Accreditation Process. AND Experience using and/or configuring bulk encryption devices.
B. I do not possess the specialized experience described above.

2. Please select the response that best reflects your qualifications for the IT Specialist (InfoSec), GS-2210-13 position.

A. I have at least one year of specialized experience. Specialized experience is described as: Accomplishment of IT security assignments that required in-depth knowledge of National Security Agency, Department of Defense and Intelligence Community Directives, standards and guidelines, vulnerability and security control assessment tools, security control assessment techniques, and vulnerability analysis over a wide range of systems to determine compliance with IT security requirements and to recommend improvements to information security programs, policies, and procedures. This level of work experience should reflect wide latitude for the exercise of independent judgment to perform work of marked difficulty and responsibility. AND Knowledge of: a. DITSCAP: DoD Information Technology Security Certification and Accreditation Process and b. NIACAP: National Information Assurance and Certification and Accreditation Process and c. FISMA: Federal Information Systems Management Act and d. ICDs: Intelligence Community Directives. AND Experience accrediting and/or working Cross Domain Solutions. AND Experience remediating vulnerabilities associated with a classified system. AND Experience using and/or configuring bulk encryption devices.
B. I do not possess the specialized experience described above.

3. Which of the following statements best describes your experience in the certification and accreditation process?

A. I have coordinated, assembled, and submitted an accreditation package.
B. I have written a document that was included in an accreditation package.
C. I have reviewed an accreditation package.
D. I have no experience in certification and accreditation.

4. Are you a Certified Information Systems Security Professional (CISSP), or do you hold an equivalent certification?

A. I hold a CISSP certification.
B. I hold an equivalent security certification.
C. I hold another technical certification.
D. I do not hold a CISSP or equivalent certification.

5. Select from the following which you have had experience in testing.

A. System Security Plans
B. Security Test and Evaluations
C. Contingency Plans
D. None of the above.

6. Which of the following statements best describes your ability to perform risk benefit analysis?

A. I have experience with projects that required me to understand complex system requirements, balance them against a personal understanding of security risks, and develop pro and con arguments in support of risk-based decisions.
B. I have experience researching system requirements and risks using publicly available search tools and developing pro and con arguments in support of risk based decisions.
C. I have experience working on a team to collaboratively develop risk based decisions.
D. None of the above

7. Choose the statements that describe your experience in IT policy management and compliance.

A. Conducted compliance audits and reviews
B. Developed infrastructure and architecture to support policy
C. Wrote policy
D. Monitored Web activity for policy compliance
E. Acted on policy violations
F. Implemented IT policy
G. Waived IT policy requirements
H. Reported on compliance
I. None of the above

8. I have implemented or evaluated the security controls related to the following functional areas.

A. Certification and Accreditation
B. Configuration Management
C. Security Incident Management and Security Training
D. Remediation/Plans of Actions and Milestones
E. Remote Access
F. Identity Management
G. Continuous Monitoring
H. Contractor Oversight and Contingency Planning
I. None of the above

9. Which of the following describes your network security understanding or experience?

A. I have actively configured and administered transport and/or security devices.
B. I have an understanding of how transport and/or security devices are configured and their role within a network.
C. I have a basic understanding of the role/purpose of transport and/or security devices within a given network and the protections they afford.
D. I have no system administration experience.

10. Do you have experience reviewing regulations, standards, and mandates underlying the operation of a security information system?

A. Yes
B. No

11. Choose the information security authorities and regulations with which you are very familiar.

A. National Institute of Standards & Technology
B. Federal Information Systems Security Act
C. Public Law
D. Presidential Directives
E. Committee on National Security Systems instructions
F. Intelligence Community Directives
G. None of the above

12. I have knowledge of the following laws, regulations, etc., to serve as a technical expert on information matters.

A. Freedom of Information Act (FOIA) and Privacy Act (PA)
B. Federal Advisory Committee Act
C. The Federal Records Act, as amended
D. General Services Administration Regulations
E. The Information Technology Management Reform Act
F. The Office of Management and Budget Circular A-130, Management of Federal Information Resources
G. Government Accountability Office Records Management Guidance for Federal Agencies
H. National Archives and Records Administration Regulations
I. None of the above

13. Select all of the following concepts in which you feel proficient, as each applies to cyber/information security technologies.

A. Identification and Authentication
B. Cryptography
C. Access Controls
D. Continuous Monitoring
E. Firewalls
F. Intrusion Detection/Prevention Systems
G. Virtual Private Networks
H. Vulnerability Assessments
I. None of the above

14. Which of the following best describes your experience with Federal information security requirements?

A. I can use Federal information security requirements to design a new system.
B. I can evaluate the validity of a system’s proposed design against Federal information security requirements.
C. I can use Federal information security requirements to assess an existing system.
D. I have class work experience with Federal information security requirements.
E. I have reading knowledge of Federal information security requirements.
F. I have no experience with the Federal security requirements.

15. Which of the following best reflects your experience with information security reporting requirements for the Federal Information Security Management Act (FISMA)?

A. I have had experience providing input for the reports.
B. I have had experience preparing the reports.
C. I have had experience preparing and briefing on the reports.
D. I have had responsibility for submitting the reports and for addressing any questions.
E. None of the above

16. Choose the statements that describe your experience in information security.

A. Conducted risk vulnerability assessments for planned, and/or installed, information systems.
B. Developed computer security policies and procedures
C. Conducted information system security evaluations, audits, and reviews
D. Developed and implemented disaster recovery plans
E. None of the above

17. In which of the following events have you communicated verbally or made oral presentations?

A. Speeches
B. Conferences and Meetings
C. One-on-One discussions
D. Telephone inquiries
E. Training
F. Technical assistance
G. Interviews
H. Executive briefings and Technical briefings
I. None of the above

18. Which of the following information security related tasks have you performed as part of your job?

A. Prioritized and scheduled organizations to be evaluated for security
B. Developed security assessment criteria
C. Developed long range security plans for systems
D. Planned and conducted systems security evaluations, audits, and reviews
E. Provided technical advice and leadership on security aspects of network and systems design to ensure implementation of appropriate systems security and policies
F. None of the Above

19. From the list below, select the information security documents you have created (or provided written input to).

A. Security plan
B. Incident response plan
C. Plan of actions and milestones
D. Response to audit/findings
E. Risk assessments
F. Disaster recovery plan
G. None of the above

20. Which of the following types of documents have you written?

A. Talking points
B. Congressional inquiry responses
C. Correspondence AND Technical reports
D. Service Level Agreements AND Standard operating procedures
E. Directives AND Federal register notices
F. Regulatory/statutory material AND Policy guidance
G. Congressional testimony, Analyses of proposed policy, legislative or management initiatives
H. Option papers/decision memos AND Strategic plans
I. None of the above

21. Choose all examples that match your experience in preparing written material.

A. I have written analytical reports for internal audiences.
B. I have written analytical reports for external audiences.
C. I have written briefing material on policies and procedures for a broad internal audience.
D. I have written briefing material on policies and procedures for a broad external audience.
E. I have written to defend a position and persuade a skeptical audience.
F. I have prepared and presented issue papers and/or briefings to program personnel, subject-matter groups and/or management officials at all levels.
G. I have reviewed and edited reports for accuracy, grammar, adherence to policy, organization of material, clarity of expression, and appropriateness for intended audiences.
H. None of the above

22. Which of the following best describes your experience communicating verbally?

A. Speeches
B. Conferences
C. Meetings
D. One-on-One discussions
E. Telephone inquiries
F. Training
G. Technical assistance
H. Executive briefings AND Technical briefings
I. None of the above