2025 CJIS SECURITY TEST WITH 100+
QUESTIONS AND CORRECT ANSWERS FOR
EXAM PREP/ CJIS SECURITY EXAM 2025
PRACTICE QS AND AS (BRAND NEW!)
A security incident is a violation or attempted violation of the FBI CJIS Security
Policy or other security policy that would threaten the confidentiality, integrity or
availability of FBI or State CJI data.
True
A physically secure location is a facility, a criminal justice conveyance, or an area,
a room, or a group of rooms within a facility with both the physical and personnel
security controls sufficient to protect CJI and associated information systems.
True
Sometimes you may only see indicators of a security incident.
True
A security incident shall be reported to the CJIS Systems Agency's (CSA's)
Information Security Officer (ISO) and include the following information: date of
the incident, location(s) of incident, systems affected, method of detection, nature
of the incident, description of the incident, actions taken/resolution, date and
contact information for the agency.
True
All persons who have access to CJI are required to have security training within
_____ months of assignment.
6
Training for appropriate personnel would include vendors who develop software
for NCIC access.
True
Interstate Identification Index (III), known as 'Triple I', is a 'pointer' system for the
interstate exchange of criminal history record information.
True
pg. 1
,All persons who have direct access to FBI CJI data and all appropriate Information
Technology (IT) personnel (including vendors) shall receive security awareness
training on a biennial basis.
True
Social engineering is an attack based on deceiving users or administrators at the
target site.
True
Unauthorized requests, receipt, release, interception, dissemination or discussion of
FBI CJI data could result in criminal prosecution and/or termination of
employment.
True
Access to and use of FBI CJI is only for:
criminal justice or authorized civil purposes only
Criminal justice purposes (also known as the administration of criminal justice)
include: detection, apprehension, detention, pretrial release, post-trial release,
prosecution, adjudication, correctional supervision, or rehabilitation of accused
persons or criminal offenders.
True
BI CJI data is sensitive information and security shall be afforded to prevent any
unauthorized access, use or dissemination of the data.
True
The CJIS Security Policy outlines the minimum requirements. Each criminal
justice agency is encouraged to develop internal security training that defines local
and agency specific policies and procedures.
True
What agencies should have written policy describing the actions to be taken in the
event of a security incident?
Every agency accessing CJI
Criminal History Record Information (CHRI) is arrest-based data and any
derivative information from that record.
pg. 2
, True
During social engineering, someone pretends to be ________ in an attempt to gain
illicit access to protected data systems.
an authorized user or other trusted source
Who should report any suspected security incident?
All personnel
Hard copies of CJI data should be ________when no longer required.
physically destroyed
Users do not need to log off of the software/system at the end of the shift or when
another operator wants to use the software/system.
False
Agencies are not required to develop and publish internal information security
policies, including penalties for misuse.
False
Custodial workers that access the terminal area must have a fingerprint background
check done and training unless they are escorted in these areas.
True
Training for appropriate personnel would include people who read criminal
histories but do not have a NCIC workstation of their own.
True
FBI CJI data may be shared with close friends.
False
FBI CJI data is any data derived from the national CJIS Division systems.
True
You should never email Criminal Justice Information(CJI) unless your agency's
email system meets all the requirements outlined in the latest CJIS Security policy.
True
pg. 3
QUESTIONS AND CORRECT ANSWERS FOR
EXAM PREP/ CJIS SECURITY EXAM 2025
PRACTICE QS AND AS (BRAND NEW!)
A security incident is a violation or attempted violation of the FBI CJIS Security
Policy or other security policy that would threaten the confidentiality, integrity or
availability of FBI or State CJI data.
True
A physically secure location is a facility, a criminal justice conveyance, or an area,
a room, or a group of rooms within a facility with both the physical and personnel
security controls sufficient to protect CJI and associated information systems.
True
Sometimes you may only see indicators of a security incident.
True
A security incident shall be reported to the CJIS Systems Agency's (CSA's)
Information Security Officer (ISO) and include the following information: date of
the incident, location(s) of incident, systems affected, method of detection, nature
of the incident, description of the incident, actions taken/resolution, date and
contact information for the agency.
True
All persons who have access to CJI are required to have security training within
_____ months of assignment.
6
Training for appropriate personnel would include vendors who develop software
for NCIC access.
True
Interstate Identification Index (III), known as 'Triple I', is a 'pointer' system for the
interstate exchange of criminal history record information.
True
pg. 1
,All persons who have direct access to FBI CJI data and all appropriate Information
Technology (IT) personnel (including vendors) shall receive security awareness
training on a biennial basis.
True
Social engineering is an attack based on deceiving users or administrators at the
target site.
True
Unauthorized requests, receipt, release, interception, dissemination or discussion of
FBI CJI data could result in criminal prosecution and/or termination of
employment.
True
Access to and use of FBI CJI is only for:
criminal justice or authorized civil purposes only
Criminal justice purposes (also known as the administration of criminal justice)
include: detection, apprehension, detention, pretrial release, post-trial release,
prosecution, adjudication, correctional supervision, or rehabilitation of accused
persons or criminal offenders.
True
BI CJI data is sensitive information and security shall be afforded to prevent any
unauthorized access, use or dissemination of the data.
True
The CJIS Security Policy outlines the minimum requirements. Each criminal
justice agency is encouraged to develop internal security training that defines local
and agency specific policies and procedures.
True
What agencies should have written policy describing the actions to be taken in the
event of a security incident?
Every agency accessing CJI
Criminal History Record Information (CHRI) is arrest-based data and any
derivative information from that record.
pg. 2
, True
During social engineering, someone pretends to be ________ in an attempt to gain
illicit access to protected data systems.
an authorized user or other trusted source
Who should report any suspected security incident?
All personnel
Hard copies of CJI data should be ________when no longer required.
physically destroyed
Users do not need to log off of the software/system at the end of the shift or when
another operator wants to use the software/system.
False
Agencies are not required to develop and publish internal information security
policies, including penalties for misuse.
False
Custodial workers that access the terminal area must have a fingerprint background
check done and training unless they are escorted in these areas.
True
Training for appropriate personnel would include people who read criminal
histories but do not have a NCIC workstation of their own.
True
FBI CJI data may be shared with close friends.
False
FBI CJI data is any data derived from the national CJIS Division systems.
True
You should never email Criminal Justice Information(CJI) unless your agency's
email system meets all the requirements outlined in the latest CJIS Security policy.
True
pg. 3
