Level 2 CJIS Security Test 100%
Accurate
The CJIS Security Policy outlines the minimum requirements. Each criminal justice
agency is encouraged to develop internal security training that defines local and agency
specific policies and procedures. - ANSWER True
What agencies should have written policy describing the actions to be taken in the event
of a security incident? - ANSWER Every agency accessing CJI
Criminal History Record Information (CHRI) is arrest-based data and any derivative
information from that record. - ANSWER True
During social engineering, someone pretends to be ________ in an attempt to gain illicit
access to protected data systems. - ANSWER an authorized user or other trusted
source
Who should report any suspected security incident? - ANSWER All personnel
Hard copies of CJI data should be ________when no longer required. - ANSWER
physically destroyed
Users do not need to log off of the software/system at the end of the shift or when
another operator wants to use the software/system. - ANSWER False
Agencies are not required to develop and publish internal information security policies,
including penalties for misuse. - ANSWER False
Custodial workers that access the terminal area must have a fingerprint background
check done and training unless they are escorted in these areas. - ANSWER True
Training for appropriate personnel would include people who read criminal histories but
do not have a NCIC workstation of their own. - ANSWER True
FBI CJI data may be shared with close friends. - ANSWER False
A physically secure location is a facility, a criminal justice conveyance, or an area, a
room, or a group of rooms within a facility with both the physical and personnel security
controls sufficient to protect CJI and associated information systems. - ANSWER True
Sometimes you may only see indicators of a security incident. - ANSWER True
All persons who have access to CJI are required to have security training within _____
months of assignment. - ANSWER 6
Accurate
The CJIS Security Policy outlines the minimum requirements. Each criminal justice
agency is encouraged to develop internal security training that defines local and agency
specific policies and procedures. - ANSWER True
What agencies should have written policy describing the actions to be taken in the event
of a security incident? - ANSWER Every agency accessing CJI
Criminal History Record Information (CHRI) is arrest-based data and any derivative
information from that record. - ANSWER True
During social engineering, someone pretends to be ________ in an attempt to gain illicit
access to protected data systems. - ANSWER an authorized user or other trusted
source
Who should report any suspected security incident? - ANSWER All personnel
Hard copies of CJI data should be ________when no longer required. - ANSWER
physically destroyed
Users do not need to log off of the software/system at the end of the shift or when
another operator wants to use the software/system. - ANSWER False
Agencies are not required to develop and publish internal information security policies,
including penalties for misuse. - ANSWER False
Custodial workers that access the terminal area must have a fingerprint background
check done and training unless they are escorted in these areas. - ANSWER True
Training for appropriate personnel would include people who read criminal histories but
do not have a NCIC workstation of their own. - ANSWER True
FBI CJI data may be shared with close friends. - ANSWER False
A physically secure location is a facility, a criminal justice conveyance, or an area, a
room, or a group of rooms within a facility with both the physical and personnel security
controls sufficient to protect CJI and associated information systems. - ANSWER True
Sometimes you may only see indicators of a security incident. - ANSWER True
All persons who have access to CJI are required to have security training within _____
months of assignment. - ANSWER 6
