Level 2 CJIS Security Test questions with correct
answers
The CJIS Security Policy outlines the minimum requirements. Each criminal justice agency is encouraged to develop internal security training that defines local and agency specific policies and procedures. - correct answer True
What agencies should have written policy describing the actions to be taken in the event of a security incident? - correct answer Every agency accessing CJI
Criminal History Record Information (CHRI) is arrest-based data and any derivative information
from that record. - correct answer True
During social engineering, someone pretends to be ________ in an attempt to gain illicit access to protected data systems. - correct answer an authorized user or other trusted source
Who should report any suspected security incident? - correct answer All personnel
Hard copies of CJI data should be ________when no longer required. - correct answer physically
destroyed
Users do not need to log off of the software/system at the end of the shift or when another operator wants to use the software/system. - correct answer False
Agencies are not required to develop and publish internal information security policies, including
penalties for misuse. - correct answer False
Custodial workers that access the terminal area must have a fingerprint background check done and training unless they are escorted in these areas. - correct answer True
Training for appropriate personnel would include people who read criminal histories but do not have a NCIC workstation of their own. - correct answer True
answers
The CJIS Security Policy outlines the minimum requirements. Each criminal justice agency is encouraged to develop internal security training that defines local and agency specific policies and procedures. - correct answer True
What agencies should have written policy describing the actions to be taken in the event of a security incident? - correct answer Every agency accessing CJI
Criminal History Record Information (CHRI) is arrest-based data and any derivative information
from that record. - correct answer True
During social engineering, someone pretends to be ________ in an attempt to gain illicit access to protected data systems. - correct answer an authorized user or other trusted source
Who should report any suspected security incident? - correct answer All personnel
Hard copies of CJI data should be ________when no longer required. - correct answer physically
destroyed
Users do not need to log off of the software/system at the end of the shift or when another operator wants to use the software/system. - correct answer False
Agencies are not required to develop and publish internal information security policies, including
penalties for misuse. - correct answer False
Custodial workers that access the terminal area must have a fingerprint background check done and training unless they are escorted in these areas. - correct answer True
Training for appropriate personnel would include people who read criminal histories but do not have a NCIC workstation of their own. - correct answer True
