HIGH-YIELD QUESTIONS, DETAILED ANSWER
EXPLANATIONS AND RATIONALES, CRIMINAL JUSTICE
INFORMATION SERVICES (CJIS) SECURITY POLICY REVIEW,
INFORMATION SECURITY PRINCIPLES, DATA PROTECTION
REQUIREMENTS, COMPLIANCE GUIDELINES, TEST-TAKING
STRATEGIES, AND COMPREHENSIVE CERTIFICATION EXAM
PREPARATION TOOLS – 2026/2027 LATEST UPDATED
EDITION
The CJIS Security Policy outlines the minimum requirements. Each criminal
justice agency is encouraged to develop internal security training that defines
local and agency specific policies and procedures.
True
What agencies should have written policy describing the actions to be taken in
the event of a security incident?
Every agency accessing CJI
Criminal History Record Information (CHRI) is arrest-based data and any
derivative information from that record.
True
During social engineering, someone pretends to be ________ in an attempt to
gain illicit access to protected data systems.
,an authorized user or other trusted source
Who should report any suspected security incident?
All personnel
Hard copies of CJI data should be ________when no longer required.
physically destroyed
Users do not need to log off of the software/system at the end of the shift or
when another operator wants to use the software/system.
False
Agencies are not required to develop and publish internal information
security policies, including penalties for misuse.
False
Custodial workers that access the terminal area must have a fingerprint
background check done and training unless they are escorted in these areas.
True
Training for appropriate personnel would include people who read criminal
histories but do not have a NCIC workstation of their own.
True
FBI CJI data may be shared with close friends.
False
FBI CJI data is any data derived from the national CJIS Division systems.
,True
You should never email Criminal Justice Information(CJI) unless your
agency's email system meets all the requirements outlined in the latest CJIS
Security policy.
True
FBI CJI data must be safeguarded to prevent:
all of the above
A security incident is a violation or attempted violation of the FBI CJIS
Security Policy or other security policy that would threaten the
confidentiality, integrity or availability of FBI or State CJI data.
True
A physically secure location is a facility, a criminal justice conveyance, or an
area, a room, or a group of rooms within a facility with both the physical and
personnel security controls sufficient to protect CJI and associated
information systems.
True
Sometimes you may only see indicators of a security incident.
True
All persons who have access to CJI are required to have security training
within _____ months of assignment.
, 6
Training for appropriate personnel would include vendors who develop
software for NCIC access.
True
Interstate Identification Index (III), known as 'Triple I', is a 'pointer' system
for the interstate exchange of criminal history record information.
True
All persons who have direct access to FBI CJI data and all appropriate
Information Technology (IT) personnel (including vendors) shall receive
security awareness training on a biennial basis.
True
Social engineering is an attack based on deceiving users or administrators at
the target site.
True
Unauthorized requests, receipt, release, interception, dissemination or
discussion of FBI CJI data could result in criminal prosecution and/or
termination of employment.
True
Access to and use of FBI CJI is only for:
criminal justice or authorized civil purposes only