Level 2 CJIS Security Test questions with correct answers

The CJIS Security Policy outlines the minimum requirements. Each criminal justice agency is encouraged to develop internal security training that defines local and agency specific policies and procedures. CORRECT ANSWER True What agencies should have written policy describing the actions to be taken in the event of a security incident? CORRECT ANSWER Every agency accessing CJI Criminal History Record Information (CHRI) is arrest-based data and any derivative information from that record. CORRECT ANSWER True During social engineering, someone pretends to be ________ in an attempt to gain illicit access to protected data systems. CORRECT ANSWER an authorized user or other trusted source Who should report any suspected security incident? CORRECT ANSWER All personnel Hard copies of CJI data should be ________when no longer required. CORRECT ANSWER physically destroyed Users do not need to log off of the software/system at the end of the shift or when another operator wants to use the software/system. CORRECT ANSWER False Agencies are not required to develop and publish internal information security policies, including penalties for misuse. CORRECT ANSWER False