Survey Maker Survey Templates Contact Privacy & Security

CSTAR Final Exam

Exam Overview: There are two parts to the exam. The first is hands-on, where you input appropriate data into your assigned system, and the other consists of ten multiple-choice questions. A minimum of 70% must be obtained to receive a certificate.

(POC) When assigning POCs to managed systems in CSTAR, which fields must be populated by the system owners?

Commander/Hospital Commander, CIO, Deputy CIO, System Owner/PM, ISSE, System IA POC, ISSM, and ISSO

ESABAD & D2D Team

Marketplace Lead & SAVR Analyst

TAS Lead & D2D Trans Approval Gov Lead

(POC) What actions do you take to have your name added to a dropdown list for a specific role in CSTAR?

Request a new role using "My Resource Page" and request an additional role

Contact the CSTAR Development team via email

Vent frustrations to anyone who listens

Submit a CSTAR Help Ticket

(TL) Who is ultimately responsible for managing official RMF ATO timelines within CSTAR?

The Validation Team

The Market Place Team

ISSM, ISSO, IA POC and CIO or PM

All stakeholders

(TL) Where can a CSTAR end-user find the official RMF Timeline for a specific effort type?

CSTAR > System Details page > Effort Page

CSTAR > Navigation Bar > Cybersecurity Events Calendar

CSTAR > Navigation Bar > My Actions

None of the answers are correct

(TL) Where is the official RMF Timeline located?

CSTAR > System Details page > Effort Page

On a command's spreadsheet

Uploaded to the eMASS record artifacts

The SCA manages the official timeline

(RP) Where do system owners (ISSM, ISSOs, or IA POCs) request the support of Assessment & Authorization (A&A)?

The RMF Portal’s PEO MS CIO J-6 Portal’s “Request/View a Service,” then select “Assessment & Authorization” as a service

Contact the AO directly via email to begin tracking the effort

Contact the previous lead validator to get you pointed in the right direction

Submit an ITSM Remedy Ticket for A&A support

(RP) How often should CSTAR end users place an update for the effort in CSTAR and the associated active PEO MS CIO J-6 Request Portal?

Once a month

Every eight weeks

Once a week

Every three days

(RP) Where is the only place to submit requests related to RMF Support, RMF ATOs, and Market Place Support efforts?

The RMF Portal’s PEO MS CIO J-6 Portal’s > Request/View a Service > select “Assessment & Authorization” as a service

Contact the assigned event analyst

The RMF Portal’s PEO MS CIO J-6 Portal’s > View My Service Request > find the request

None of the above

(RP) What section of support requests do system owners reinforce the sub-service?

The Requirement section must reinforce the sub-service

The System Description section must reinforce the sub-service

Annual Reviews

Over the phone

(CCO) How do CSTAR end-users submit estimates for technical review for IV&V estimates?

Notify the assigned technical reviewer via email or send them a Microsoft Teams message

Press the "Submit for Review" button in the Cost Center or Cost Estimator Tool instance

Notify the SCAR, SCA and the Lead Validator

Notify the Secretary of Defense

(CCO) What efforts require estimates?

RMF ATO, Assess and Incorporate, ATO-C, RMF Support, and Risk Assessment efforts

RMF ATO Only

No efforts require estimates

All efforts require estimates

(CN) Where can CSTAR end users find the template to submit a PEO MS CIO J-6 request?

Https://www.ohome.apps.mil/?auth=2&home=1

Https://info.health.mil/dadio/InfoSec/Pages/KnowledgeBase.aspx

Https://gsc.health.mil

Https://info.health.mil/apps/HIT/cstar

(CN) Which CSTAR dashboard tracks authorization statuses for Platform IT systems, IS Major Applications, medical devices, and equipment to assist enclave owners in becoming a deployed location for type authorizations?

In the PEO MS CIO J-6 Request Portal’s Request Review Service page

Authorization Status Dashboard

Cyberlog Dashboard

Authorization Status Dashboard and the Cyberlog Dashboard

(CN) What does a CSTAR end user need to do to create a new CSTAR Profile?

Contact the DHA RMED Estimate Team to create the profile

Contact the CSTAR Development Team with the full name, correct email address, active phone number and appropriate roles

Contact the AO or SCA and request to have the new POCs added with the appropriate roles in CSTAR

Have the new point of contact access CSTAR, follow the directions and create their own profile

(CN)Where would CSTAR end-users go to review estimate statuses undergoing a DHA authorization?

CSTAR Default > System Details > Effort page

CSTAR Default > Dashboards > Financial

CSTAR Default > Menu Bar > Reports > Cost Estimate Tool

CSTAR Default > Dashboards > Financial and CSTAR Default > System Details > Effort page

(CN)What six fields on the system details pages do not import from the eMASS?

Size; escID; HIT Request URL; Support Requested; Existing Authorization; Registered in eMASS

DITPR; ATD; PII; PHI; PIA; eMASS ID

EMASS ID; System Name; Acronym; Program or Site; System Type; Authorization Status

Vendor; PPSM#, PIA, Decommission Memo Status; MEDCOI Migration Status, Funding Received

(CN)What part of the CSTAR navigation bar can an end-user find approved, tentatively scheduled Cybersecurity event dates?

CSTAR Default > Dashboards > Efforts

CSTAR Default > Cyber Security Events > Cybersecurity Events Calendar

CSTAR Default > Dashboards > Action Dashboard

CSTAR Default > Dashboards > Pending Timeline Change Requests

(CN)How do CSTAR end-users submit permissions requests, enhancement recommendations, resource role changes and training requests?

Email the CSTAR Development team directly

Use the CSTAR Support help request function from the CSTAR Navigation bar

Submit a DAD IO/J-6 request

Contact the DHA RMED Estimate Team to do the work for the end user

(CN) Where can a CSTAR end-user find approved RFM ATO Efforts for Independent Verification & Validation (IV&V), RMF Support, Cyberlog and A&A Support Events?

CSTAR events

Cybersecurity Events Calendar

Resource Timeline

All of the above

(CN) What area of CSTAR do end-users go to submit a CSTAR ticket?

Select the “Administrator” button to generate an email to the CSTAR developers

CSTAR Default > CSTAR Support > Help Request

CSTAR Default > CSTAR Support > FAQ

Answers b and c

(CN) Where would a CSTAR end-user find the continuous monitoring report?

DHA RMF Portal > RMF DHA Guides

RMF Portal Request Portal Reports & Metrics

RMF Interactive Workflow

CSTAR > Menu > Dashboards > Continuous Monitoring

(CN) When is the best time for a PMO to create an RMF ATO effort in CSTAR?

RMF Step 1a

RMF Step 2k

RMF Prerequisite Step a

System owners cannot create RMF efforts in CSTAR

(CN) What comments are required when submitting a CSTAR ticket?

EMASS ID; System Name; Acronym; Program or Site; System Type; Authorization Status

Phone Number, email, and name of POC

Browser used, URL, and the steps taken to get to the displayed error with a screenshot

Answers a and c are correct

(E) When is the earliest time for a PRAST to create an RMF ATO effort in CSTAR?

RMF Step 1a

RMF Step 2k

RMF Prerequisite Step a

PRASTs cannot create RMF efforts in CSTAR

(E) Whom does DHA RMED recommend to create efforts within CSTAR?

DHA RMED Estimate Team

System Owners (ISSM, ISSO, ISSE, IA POC)

Assigned validation team

Nobody creates efforts within CSTAR

(E) How many active RMF ATO efforts can occur for one system at a time within CSTAR?

One

Two

Three

There is no limit

(E) How many active Risk Assessment efforts can occur for one system at a time within CSTAR?

One

Two

Three

There is no documented limit

(F) What do estimated cost cell color codes mean?

Red = partially funded; Yellow = not funded; Green = fully funded; Aqua = future effort

Red = not funded; Yellow = partially funded where validators can work RMF steps 1 thru 3; Green = fully funded; Aqua = effort complete

Green = not funded; Yellow = fully funded; Red = partially funded; Aqua = a pleasant color

Answers a and b are correct

(F) Where do systems owners submit for Assessment & Authorization support?

Send an email directly to the AO or AODR

The PEO MS CIO J-6 Portal’s “Request/View a Service,” then select “Assessment & Authorization” as a service

Submit a request through the Remedy Help Desk

None of the above

(F) What could prevent scheduling an IV&V event?

Lack of funding for IV&V

Incomplete or inconsistent status of security controls documented in eMASS

Incomplete A&A documentation as identified in the IV&V Readiness Criteria Checklist

Any of the above could prevent scheduling an IV&V event

(F) Where can end-users find out when funds expire within CSTAR?

When people get married and have kids

Initial Request

CSTAR > System Details page > CET Status > CET

CSTAR > System Details page > Effort page > Estimated Cost (colored cell) > Funding page > Funding Snapshot

(SI) What type of information do CSTAR end-users place into the issues section of a system details page?

Any relevant information that could potentially inhibit the RMF ATO effort

POC names and contact information

Risk Acceptance Criteria

All of the answers are correct

(SI) What is an excellent example of a reportable issue in the Issue section of a system details page?

Decommissioning status

Loss of key personal

Vacation Planning

Personal problems

(SI) Which section of CSTAR do end-users highlight high-risk or negatively impacting actions?

System Details page > Conditions

System Details page > Updates

System Details page > Issues

None of the answers are correct

(SI)When do CSTAR end-users mark an issue completed?

Immediately to hide challenges

When the issue gets resolved and documented

If we choose to act like the problem does not exist

None of the answers are correct

(RMF PL) What is the Entrance Criteria for RMF Prerequisite Step f?

The ISSM uploaded the Detailed Architecture Diagram and Hardware/Software Inventory Report to eMASS. The ISSM submitted a Cost Estimate Request on the DHA DAD IO/J6 Request Portal. The Cost Estimate Team verified that the required information was uploaded and inputted into the Cost Estimate Tool. DHA Estimate Team has initiated developing a Cost Estimate

The Program Office has begun System Registration in eMASS and System information has been entered in eMASS

The DHA Cost Estimate Team has finalized a Cost Estimate and provided it to the Program Office. DHA Cost Estimate Team closes the DAD IO/J6 Cost Estimate Request and sends a notification to the SCAR

All answers are part of the entrance criteria for RMF Prerequisite step f

(RMF PL) What part of the CSTAR has approved Cybersecurity Event dates?

CSTAR Default > Dashboards > Efforts

CSTAR Default > Cybersecurity Events > Cybersecurity Events Calendar

CSTAR Default > Dashboards > Action Dashboard

CSTAR Default > Dashboards > Pending Timeline Change Requests

(RMF PL) What location would a CSTAR end-user download current DHA RMF-related guidance?

CSTAR Training

RMF Portal DAD IO/J-6 Portal Reports & Metrics

RMF DHA Guides

None of the above

(RMF PL) What are some of the entrance criteria for RMF Step 3f?

Identified Common Controls within the Implementation Plan tab in eMASS; Overlays have been tailored; Service Level Agreement(s) (SLAs) have been signed by the providing and receiving system ISSMs if applicable

The ISSM completed the review of the Self-Assessment results; ISSM updated the Risk Assessment Tab; The ISSM advanced Controls to the second role in the Control Approval Chain (CAC) in eMASS

All vulnerabilities are documented, compiled, and uploaded into eMASS by the ISSM; ISSM is updating Plan of Action & Milestones (POA&M) with mitigation strategies for newly identified vulnerabilities

All answers are part of the entrance criteria for RMF Prerequisite Step 3f

(RMF PL) Where can CSTAR end-users download current DHA RMF guidance?

RMF DHA Guides Page

CSTAR Training Page

RMF Training Page

None of the above

(RMF PL) Where is the DHA RMF Interactive Workflow located?

Https://info.health.mil/dadio/InfoSec/assessor/dharmf/SitePages/RMFWorkflow.aspx

Https://info.health.mil/apps/HIT/cstar/Lists/ChangeRequests/MyItems.aspx

Https://info.health.mil/dadio/InfoSec/Pages/KnowledgeBase.aspx

Https://info.health.mil/dadio/InfoSec/assessor/ApprovedProducts/SitePages/APL.aspx

(RMF PL)Where can a CSTAR end-user find entrance and exit criteria for each RMF step and sub-st step?

In the PEO MS CIO J-6 Request Portal’s Request Review Service page

In the DHA RMF Portal’s RMF Interactive Workflow

In the system’s RMF ATO effort’s timeline in CSTAR

Answers b and c

(RMF PL)What is the webpage for the DHA Approved Products List (APL)?

Https://info.health.mil/cos/admin/privacy/Pages/Home.aspx

Https://info.health.mil/dadio/InfoSec/assessor/ApprovedProducts/SitePages/APL.aspx

Https://info.health.mil/apps/HIT/cstar/

There is no such thing as a DHA APL

(RMF PL) What is the webpage for Privacy and Civil Liberties or PIA office?

Https://info.health.mil/cos/admin/privacy/Pages/Home.aspx

Https://info.health.mil/dadio/InfoSec/assessor/ApprovedProducts/SitePages/APL.aspx

Https://info.health.mil/apps/HIT/cstar/

There is no such thing as the Privacy and Civil Liberties or PIA office

(U) How often should CSTAR end users place an update for the effort in CSTAR and the associated active PEO MS CIO J-6 Request Portal?

Once a month

Every eight weeks

Once a week

Every three days

(U)

Where would a CSTAR end-user find system updates specific for the system within CSTAR?

The update section of the System Details Page in CSTAR.

The System Effort Page in CSTAR

The Authorization Conditions area of a system’s Effort Page in CSTAR.

Answers b and c are correct.

(U)Which databanks are required to be updated weekly for effort status?

Consolidated System Tracking & Reporting (CSTAR), and the PEO MS CIO J-6 Portal Service Request.

Enterprise Mission Assurance Support Service (eMASS).

SharePoint and Cost Estimate Tool. d. Vendor; Program or Site

Vendor; Program or Site, Operational Status, PIA & signature date, MedCOI Migration Status

{"name":"CSTAR Final Exam", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Exam Overview: There are two parts to the exam. The first is hands-on, where you input appropriate data into your assigned system, and the other consists of ten multiple-choice questions. A minimum of 70% must be obtained to receive a certificate., (POC) When assigning POCs to managed systems in CSTAR, which fields must be populated by the system owners?, (POC) What actions do you take to have your name added to a dropdown list for a specific role in CSTAR?","img":"https://www.quiz-maker.com/3012/CDN/89-4338956/cstar-logo.png?sz=1200"}