RMF-SECURITY CONTROL ASSESSOR
INTERVIEW PREP QUESTIONS AND
ANSWERS 100% CORRECT
Where did you work as a Junior SOC Anaylst? - ANSWER-I worked at Optimum Cyber,
LLC
Junior SOC (Security Operations Center) Maryland. Analyst January 2012 - June 2015,
Optimum Cyber is a company that primarily engaged in cyber security as well as
engineering solutions that optimize to protect businesses.
Their Services include, Security Governance
Risk Assessment, Vulnerability Analysis/Reporting
Penetration Testing,Security Awareness Training
Technology Process Testing/Optimization
Cloud Solutions, On-premises Solutions
Managed Security.
What did you do as a SOC analyst at Optimum Cyber? - ANSWER-I identified and
investigated Cyber Security Incidents. I also aided the SOC team in the reporting and
documentation of vulnerabilities by utilizing tools such as Splunk and SNORT.
I helped with the management and maintenance of records in security monitoring and
incident response
I performed and assisted in Network Security Monitoring and Incident Response
I was responsible for reporting findings and provide status to senior leadership*
I monitored personnel or equipment locations and utilization to coordinate service
andschedules.
I recorded facts and prepared reports that document incidents and activities.
I documented and relayed complains and emergency-request information to appropriate
agency dispatchers.
Where did you work as a Junior IT security analyst? - ANSWER-I worked at XO
Communications ( now Verizon) for one year, July 2017 to July 2018.
XO Communications is a telecommunications company it provided managed and
converged Internet Protocol (IP) network services for small and medium-sized
enterprises.
What did you do as a Junior IT security analyst at XO communications? - ANSWER-
Worked in Security Operations as a IT security analyst assisted with detecting, defend
and respond to cyber threats. Majority of my experience was vulnerability management.
Skills such developing Security Assessment Plans, Revised IT security policy and
procedures, conducted risk assessments and revised SSP. Continuous monitoring of
using NIST 800-137 as a guided and performed vulnerability scanning using Nessus.
, Herdon, Va.
Where did u work as an IT security analyst? - ANSWER-I worked at Mind Point Group
from September 2016 to October 2018. Alexander, Virginia. Mind Point Group is a
certified security consulting firm.
What did you do as a IT security analyst at Mindpoint group? - ANSWER-In my
experience at Mind Point Group I performed risk assessments, updated and reviewed
SSP, reviewed POAMS and SAP, provided assistance in updating IT security policies. I
assisted with conducting cloud system assessments. performed vulnerability scans and
continuous monitoring and worked with AWS as a cloud service provider.
Where did you work as a Senior IT security Analyst? - ANSWER-I worked at Crest
Consulting. IT audit and cyber security consulting company. This company provides the
neccessary network security audit, website security audit, complain audit and risk
assessments.
Rockville MD but worked remotely
What did you do as a Senior IT security analyst at Crest Consulting? - ANSWER-
Documented the results and findings of the assessments within RTMS and SARs.
Performed updates with security policies, procedures, standards and guidelines.
Conducted scoping, planning and kick off meeting for Security assessments.
Established security baselines. assisted in cloud system assessments primarily with
AWS
Performed security control assessments, risk assessments, reviewed and helped
update POAMS, monitored the security controls post authorization to maintain
compliance. annual assessments, utilized Nessus vulnerability and compliance scans.
3PAO - ANSWER-"third party assessment organization" under the FedRAMP program.
FedRAMP (Federal Risk and Management Protocol) - ANSWER-Provides security
assessment, authorization and continuous monitoring for cloud products and services.
Reusable approach to provider assessments.
Government agencies utilize this to make decisions on feasibility of specific cloud-based
solutions.
Used with cloud solution providers who market to federal government agencies.
FedRAMP - ANSWER-U.S. government security standards for cloud computing
(PMO) project management office - ANSWER-Established by organizations to create
and maintain procedures and standards for project management methodologies to be
used throughout the organization.
CSP - ANSWER-Cloud Service Provider
INTERVIEW PREP QUESTIONS AND
ANSWERS 100% CORRECT
Where did you work as a Junior SOC Anaylst? - ANSWER-I worked at Optimum Cyber,
LLC
Junior SOC (Security Operations Center) Maryland. Analyst January 2012 - June 2015,
Optimum Cyber is a company that primarily engaged in cyber security as well as
engineering solutions that optimize to protect businesses.
Their Services include, Security Governance
Risk Assessment, Vulnerability Analysis/Reporting
Penetration Testing,Security Awareness Training
Technology Process Testing/Optimization
Cloud Solutions, On-premises Solutions
Managed Security.
What did you do as a SOC analyst at Optimum Cyber? - ANSWER-I identified and
investigated Cyber Security Incidents. I also aided the SOC team in the reporting and
documentation of vulnerabilities by utilizing tools such as Splunk and SNORT.
I helped with the management and maintenance of records in security monitoring and
incident response
I performed and assisted in Network Security Monitoring and Incident Response
I was responsible for reporting findings and provide status to senior leadership*
I monitored personnel or equipment locations and utilization to coordinate service
andschedules.
I recorded facts and prepared reports that document incidents and activities.
I documented and relayed complains and emergency-request information to appropriate
agency dispatchers.
Where did you work as a Junior IT security analyst? - ANSWER-I worked at XO
Communications ( now Verizon) for one year, July 2017 to July 2018.
XO Communications is a telecommunications company it provided managed and
converged Internet Protocol (IP) network services for small and medium-sized
enterprises.
What did you do as a Junior IT security analyst at XO communications? - ANSWER-
Worked in Security Operations as a IT security analyst assisted with detecting, defend
and respond to cyber threats. Majority of my experience was vulnerability management.
Skills such developing Security Assessment Plans, Revised IT security policy and
procedures, conducted risk assessments and revised SSP. Continuous monitoring of
using NIST 800-137 as a guided and performed vulnerability scanning using Nessus.
, Herdon, Va.
Where did u work as an IT security analyst? - ANSWER-I worked at Mind Point Group
from September 2016 to October 2018. Alexander, Virginia. Mind Point Group is a
certified security consulting firm.
What did you do as a IT security analyst at Mindpoint group? - ANSWER-In my
experience at Mind Point Group I performed risk assessments, updated and reviewed
SSP, reviewed POAMS and SAP, provided assistance in updating IT security policies. I
assisted with conducting cloud system assessments. performed vulnerability scans and
continuous monitoring and worked with AWS as a cloud service provider.
Where did you work as a Senior IT security Analyst? - ANSWER-I worked at Crest
Consulting. IT audit and cyber security consulting company. This company provides the
neccessary network security audit, website security audit, complain audit and risk
assessments.
Rockville MD but worked remotely
What did you do as a Senior IT security analyst at Crest Consulting? - ANSWER-
Documented the results and findings of the assessments within RTMS and SARs.
Performed updates with security policies, procedures, standards and guidelines.
Conducted scoping, planning and kick off meeting for Security assessments.
Established security baselines. assisted in cloud system assessments primarily with
AWS
Performed security control assessments, risk assessments, reviewed and helped
update POAMS, monitored the security controls post authorization to maintain
compliance. annual assessments, utilized Nessus vulnerability and compliance scans.
3PAO - ANSWER-"third party assessment organization" under the FedRAMP program.
FedRAMP (Federal Risk and Management Protocol) - ANSWER-Provides security
assessment, authorization and continuous monitoring for cloud products and services.
Reusable approach to provider assessments.
Government agencies utilize this to make decisions on feasibility of specific cloud-based
solutions.
Used with cloud solution providers who market to federal government agencies.
FedRAMP - ANSWER-U.S. government security standards for cloud computing
(PMO) project management office - ANSWER-Established by organizations to create
and maintain procedures and standards for project management methodologies to be
used throughout the organization.
CSP - ANSWER-Cloud Service Provider
