CJIS Policy 5/105.18 Questions and
Answers Latest Update (2024/2025)
Already Passed
What is the primary purpose of a security policy in handling sensitive information?
✔✔The primary purpose is to ensure the confidentiality, integrity, and availability of data while
preventing unauthorized access.
Who is responsible for enforcing security policies within an organization?
✔✔All employees and authorized personnel are responsible, with designated security officers
overseeing enforcement.
Why is access control important for protecting sensitive information?
✔✔Access control ensures that only authorized individuals can view or modify sensitive data,
reducing the risk of breaches.
What should be done if a security violation is detected?
✔✔The violation should be reported immediately to the appropriate security personnel for
investigation and resolution.
1
, How often should security awareness training be conducted?
✔✔Training should be conducted regularly to ensure employees stay informed about best
practices and emerging threats.
Why is encryption necessary when transmitting sensitive data?
✔✔Encryption protects data from being intercepted or accessed by unauthorized individuals
during transmission.
What is the role of audit logs in maintaining security compliance?
✔✔Audit logs track system access and activities, helping to detect suspicious behavior and
support investigations.
How should physical access to secure areas be managed?
✔✔Access should be limited to authorized personnel, with entry logs and surveillance to monitor
activities.
What should be done before disposing of devices that contain sensitive information?
✔✔Devices should be securely wiped or destroyed to prevent unauthorized recovery of data.
2
Answers Latest Update (2024/2025)
Already Passed
What is the primary purpose of a security policy in handling sensitive information?
✔✔The primary purpose is to ensure the confidentiality, integrity, and availability of data while
preventing unauthorized access.
Who is responsible for enforcing security policies within an organization?
✔✔All employees and authorized personnel are responsible, with designated security officers
overseeing enforcement.
Why is access control important for protecting sensitive information?
✔✔Access control ensures that only authorized individuals can view or modify sensitive data,
reducing the risk of breaches.
What should be done if a security violation is detected?
✔✔The violation should be reported immediately to the appropriate security personnel for
investigation and resolution.
1
, How often should security awareness training be conducted?
✔✔Training should be conducted regularly to ensure employees stay informed about best
practices and emerging threats.
Why is encryption necessary when transmitting sensitive data?
✔✔Encryption protects data from being intercepted or accessed by unauthorized individuals
during transmission.
What is the role of audit logs in maintaining security compliance?
✔✔Audit logs track system access and activities, helping to detect suspicious behavior and
support investigations.
How should physical access to secure areas be managed?
✔✔Access should be limited to authorized personnel, with entry logs and surveillance to monitor
activities.
What should be done before disposing of devices that contain sensitive information?
✔✔Devices should be securely wiped or destroyed to prevent unauthorized recovery of data.
2
