CJIS Recertification Test Questions with Correct Answers Latest Update 2025-2026
1. An example of a security incident indicator is: - Answers Sudden high activity on an account
that has had little or no activity for months
Any incidents or unusual activity should be reported to your agency contact, LASO, or
Information Security Officer immediately - Answers True
Access to and use of CJI and CHRI is for: - Answers Criminal justice purposes and authorized
noncriminal justice functions only
1. Organizational policy does not have to cover the posting of information on personal social
media pages. - Answers False
Which of the following should be included in a Security Incident Report? - Answers All of these
are correct
The security principle of _______ is the division of roles and responsibilities so that different
individuals perform each function related to administrative duties. - Answers Separation of
duties
Which of the following contains CHRI and is considered to be a restricted file? - Answers
National Sex Offender Registry Files
Malicious code, also known as _______, refers to a program that is covertly inserted into another
program with the intent to compromise the confidentiality, integrity, or availability of the data -
Answers Malware
Visitors should be escorted and monitored at all times within the physically secure location. -
Answers True
Information obtained from the III system must be used for the SAME authorized purpose for
which it was requested - Answers True
Only personnel who work in law enforcement have to complete Security and Privacy Training. -
Answers False
Social engineering is an attempt to trick an individual into revealing information or taking an
action that can be used to attack systems or networks. - Answers True
Only members of the management team are responsible for ensuring that physically secure
areas stay secure. - Answers False
Agencies must authorize and control system-related items entering and exiting the physically
secure location. - Answers True
Private contractors who perform criminal justice functions must meet the same training and
1. An example of a security incident indicator is: - Answers Sudden high activity on an account
that has had little or no activity for months
Any incidents or unusual activity should be reported to your agency contact, LASO, or
Information Security Officer immediately - Answers True
Access to and use of CJI and CHRI is for: - Answers Criminal justice purposes and authorized
noncriminal justice functions only
1. Organizational policy does not have to cover the posting of information on personal social
media pages. - Answers False
Which of the following should be included in a Security Incident Report? - Answers All of these
are correct
The security principle of _______ is the division of roles and responsibilities so that different
individuals perform each function related to administrative duties. - Answers Separation of
duties
Which of the following contains CHRI and is considered to be a restricted file? - Answers
National Sex Offender Registry Files
Malicious code, also known as _______, refers to a program that is covertly inserted into another
program with the intent to compromise the confidentiality, integrity, or availability of the data -
Answers Malware
Visitors should be escorted and monitored at all times within the physically secure location. -
Answers True
Information obtained from the III system must be used for the SAME authorized purpose for
which it was requested - Answers True
Only personnel who work in law enforcement have to complete Security and Privacy Training. -
Answers False
Social engineering is an attempt to trick an individual into revealing information or taking an
action that can be used to attack systems or networks. - Answers True
Only members of the management team are responsible for ensuring that physically secure
areas stay secure. - Answers False
Agencies must authorize and control system-related items entering and exiting the physically
secure location. - Answers True
Private contractors who perform criminal justice functions must meet the same training and
