Vacancy Questions Preview

Grade: All Grades
1. I have one year of specialized experience equivalent to at least the grade 11 level in the Federal Service. Specialized experience is experience providing analysis of IT security in infrastructure operations, server management, COTS and web applications in conformance with the National Institute of Standards (NIST) guidelines and industry recommended best practices.
  1. Yes
  2. No


2. Which statement reflects your certification?
  1. I have CISSP certification
  2. I have certification equivalent to CISSP
  3. I do not have CISSP or equivalent certification


3. I have a working knowledge of and can explain the security implications of the following: (Check all that apply)
  1. FISMA
  2. PCI
  3. Role based security/Separation of Duties
  4. Web Security
  5. Physical Security
  6. Security Operations
  7. None of the above


4. I have experience with addressing Security controls and Vulnerabilities relating to the following: (Check all that apply)
  1. Cisco switches and routers
  2. Sun Solaris and Linux servers and workstations
  3. Active Directory, Windows servers and desktops
  4. Firewalls, IDSs, and IPSs
  5. Security Configuration Management Support (Center for Internet Security Benchmark Recommendations, Baselines, Patching, etc.)
  6. Desktop Configuration Management Support (FDCC/USGCB Baselines, Patching)
  7. Log file reviews of core/critical servers
  8. User Account management reviews
  9. Vulnerability reviews and remediation recommendations
  10. Web Services and Web Application vulnerabilities reviews and Remediation Recommendations
  11. Risk assessment reviews
  12. None of the above


5. I have experience with the following: (Check all that apply)
  1. Threat Reviews
  2. System Security Log Reviews
  3. Control Reviews (Management, Technical and Operational)
  4. Control Reviews (Payment Card Industry)
  5. Control Reviews (OWASP)
  6. Security Testing (Misuse Cases)
  7. Web Application Input Data Validation
  8. COTS Application Security Testing
  9. None of the above


6. Which statement best describes your experience in the analysis and interpretation of the Federal Information Security Management Act (FISMA), OMB A-130, Appendix III, and other federal IT security policy and guidelines?
  1. I have not had the education, training or experience in performing this task.
  2. I have had specific training or education directly related to this task, although I have not performed this task on a job.
  3. I have performed this task on the job with assistance from a team leader, supervisor or senior employee to ensure compliance with proper procedures.
  4. I have performed this task on the job independently with approval of the final product by a team leader or a supervisor.
  5. I have instructed or assisted other workers in the performance of this task due to my expertise in this area.


7. Choose the statements that best describe your experience in identifying and implementing application security. (Check all that apply)
  1. I have identified security requirements during the requirements analysis and design disciplines of system development.
  2. I have tested OS, Databases and applications to see that they meet all security requirements.
  3. I have implemented OS, Databases and applications to ensure they meet security requirements.
  4. I have supported a continuous monitoring of systems to provide assurances of IT security controls.
  5. None of the above.


8. I have expertise in the development of security configuration management (CM) baselines for core/critical systems: (Check all that apply)
  1. I have directly been involved in the enforcement of security configuration management baselines.
  2. I have been involved in the development of information security baselines.
  3. I have directly supported a FISMA compliant assessment and authorization program.
  4. I have provided organizational information security awareness and education to system sponsors and system administrators.
  5. I proactively protected the integrity, confidentiality and availability of the organization's information resources, data and systems.
  6. I developed action plans, schedules, budgets and condition reports and other management communications tools intended to improve the status of information security in systems and the organization.
  7. None of the above.


9. Choose areas for which you have had responsibilities to develop an implementation or document the results. (Check all that apply)
  1. FIPS 140-2, Security Requirements for Cryptographic Modules
  2. FIPS 200, Minimum Security Requirements for Federal Information and Information Systems
  3. System Categorization (FIPS 199)
  4. System Security Plan (SSP)
  5. Configuration Management Plan (CMP)
  6. Configuration Management Compliance Reports
  7. System Test & Evaluation Plan (ST&E) and the annual test results and Security Assessment Report (SAR) Summary
  8. Contingency Plan (CP) Annual Test Results
  9. Disaster Recovery Plan (DRP) Tabletop Test Results
  10. Risk Assessment (RA)
  11. Plan of Action and Milestones (POAM)
  12. Quarterly Account Management Reports
  13. Quarterly Log Review, Patch reports for core/critical systems
  14. Vulnerability Scan Results
  15. Management briefings
  16. Analyses of industry or technology Security issues
  17. Statements of Work and/or objectives to engage and manage vendor support for IT Security.
  18. None of the above.


10. Select the statement that best describes your experience in conveying complex technical security information.
  1. Routinely consulted with and advised decision-makers on complex IT security “organizational” practices.
  2. Routinely consulted with and advised decision-makers on complex IT security “System” practices
  3. Routinely supported IT staff on how to fix System vulnerabilities
  4. Routinely supported IT staff on preparing plans to remediate complex system vulnerabilities
  5. None of the above.


11. I have experience in applying in-depth security controls to applications or systems during the development process in the following areas: (Check all that apply)
  1. I supported the development and enforcement of information security policies, standards, procedures and guidelines.
  2. I provided IT Security across a system development lifecycle (SDLC) in order to optimize technical solutions to incorporate security requirements and procedures to help ensure the system is optimized to support the mission of the organization.
  3. I supported a Federal Information Security Management Act (FISMA) compliant system assessment and authorization.
  4. I supported information security awareness and education across systems users and administrators.
  5. I proactively protected the integrity, confidentiality and availability of the organization's information resources, data and systems.
  6. I developed action plans, schedules, budgets and condition reports and other management communications tools intended to improve the status of information security in the system or organization.
  7. None of the above.


12. Select those responses that describe your experience with respect to partnering to achieve business results or accomplish your objectives. (Check all that apply)
  1. I have developed internal networks and alliances within my own organization that improved computer security (that is, my office, my branch, my institution).
  2. I have supported collaboration with other organizational units within my functional area (for example, security engineering, and access control) on specific projects/initiatives to achieve common goals and objectives.
  3. I have supported collaboration with other organizations on security projects/initiatives to help achieve common goals and objectives.
  4. I have created team-oriented work procedures which incorporated security into the IT and business processes of the organization.
  5. None of the above.

This is a Federal job application system. Providing false information, creating fake IDs, or failing to answer all questions truthfully and completely may be grounds for not hiring, for disbarment from Federal employment, or for dismissal after the applicant begins work. Falsifying a Federal job application, attempting to violate the privacy of others, or attempting to compromise the operation of this system may be punishable by fine or imprisonment (US Code, Title 18, section 1001).