CJIS SECURITY EXAM PREP KIT 2026
BUNDLED PRACTICE SOLUTION GUIDE
● Criminal Justice Information (CJI). Answer: Information related to
criminal justice that must be secured and protected
● FBI CJIS Security Policy. Answer: Policy requiring completion of
security and privacy training before system access and annually
thereafter
● Literacy Training and Awareness. Answer: Understanding threats,
vulnerabilities, and risks associated with security and privacy
● Access Control. Answer: Measures to restrict access to authorized
personnel only
● Physical Security. Answer: Measures to protect physical locations
processing or storing CJI
● System Security. Answer: Measures to protect information systems
processing or storing CJI
● Incident Response. Answer: Procedures for responding to suspected
security incidents
, ● Insider Threat. Answer: Security risk from personnel with access to
sensitive information
● Social Engineering. Answer: Tricking individuals into revealing
information or taking actions to attack systems or networks
● Phishing. Answer: Digital form of social engineering using authentic-
looking emails to trick users
● Spear Phishing. Answer: Type of phishing targeting specific users or
groups based on their position
● Pretexting and Impersonation. Answer: Creating a fictional backstory
to manipulate someone into providing private information
● Baiting. Answer: Using a false promise to lure users into a trap,
including enticing ads leading to malicious sites
● Tailgating. Answer: Unauthorized person manipulating their way into
a restricted area
● Shoulder Surfing. Answer: Unauthorized person standing near a user
to obtain their password or other data
BUNDLED PRACTICE SOLUTION GUIDE
● Criminal Justice Information (CJI). Answer: Information related to
criminal justice that must be secured and protected
● FBI CJIS Security Policy. Answer: Policy requiring completion of
security and privacy training before system access and annually
thereafter
● Literacy Training and Awareness. Answer: Understanding threats,
vulnerabilities, and risks associated with security and privacy
● Access Control. Answer: Measures to restrict access to authorized
personnel only
● Physical Security. Answer: Measures to protect physical locations
processing or storing CJI
● System Security. Answer: Measures to protect information systems
processing or storing CJI
● Incident Response. Answer: Procedures for responding to suspected
security incidents
, ● Insider Threat. Answer: Security risk from personnel with access to
sensitive information
● Social Engineering. Answer: Tricking individuals into revealing
information or taking actions to attack systems or networks
● Phishing. Answer: Digital form of social engineering using authentic-
looking emails to trick users
● Spear Phishing. Answer: Type of phishing targeting specific users or
groups based on their position
● Pretexting and Impersonation. Answer: Creating a fictional backstory
to manipulate someone into providing private information
● Baiting. Answer: Using a false promise to lure users into a trap,
including enticing ads leading to malicious sites
● Tailgating. Answer: Unauthorized person manipulating their way into
a restricted area
● Shoulder Surfing. Answer: Unauthorized person standing near a user
to obtain their password or other data
