LEVEL 2 CJIS SECURITY TEST
25+ (Fully Updated 2026) Exam Questions + Verified & Rationalized
Answers | A+ Graded
100% Guarantee Pass
📋 DOCUMENT OVERVIEW 25 Qs
This document, "Level 2 CJIS Security Test," covers specific topics related to CJIS (Criminal Justice
Information Services) security policies, including security training, incident response, data protection,
social engineering, and access control. The document provides a comprehensive review of these
concepts, with 25 questions each including the correct answer and detailed explanation/rationale. It can
be used for studying, reviewing, and understanding CJIS security concepts, enabling students to prepare
effectively for exams and assessments.
✓ Verified Answers ✓ Exam Ready ✓ Study Guide
Trusted by thousands of students and professionals worldwide
EXAM QUESTIONS
QUESTION 1
The CJIS Security Policy outlines the minimum requirements. Each criminal justice agency is
encouraged to develop internal security training that defines local and agency specific policies and
procedures.
CORRECT ANSWER
True
RATIONALE: The phrase "outlines the minimum requirements" implies that agencies have flexibility to implement more
stringent security protocols beyond the base level mandated by the CJIS Security Policy. Therefore, it's logical to assume
that agencies are permitted to establish their own, more specific policies and procedures.
QUESTION 2
What agencies should have written policy describing the actions to be taken in the event of a security
incident?
CORRECT ANSWER
Every agency accessing CJI
Trusted by thousands of students and professionals worldwide Page 1 of 7
, RATIONALE: This answer is correct because CJI (Criminal Justice Information) systems contain sensitive and protected
personally identifiable information, making it essential for all agencies accessing such information to have a written policy
outlining the necessary procedures in the event of a security incident. By having a standardized policy, agencies can
ensure the continuity of operations, protect sensitive information, and comply with relevant laws and regulations.
QUESTION 3
Criminal History Record Information (CHRI) is arrest-based data and any derivative information from
that record.
CORRECT ANSWER
True
RATIONALE: The term "True" is correct because CHRI is typically defined and governed by laws and regulations that
distinguish it from other types of criminal data, such as convictions or convictions-based data. This distinction is rooted in
the idea that CHRI captures the entirety of an individual's arrest history, including those that did not result in convictions,
making it an arrest-based system.
QUESTION 4
During social engineering, someone pretends to be ________ in an attempt to gain illicit access to
protected data systems.
CORRECT ANSWER
an authorized user or other trusted source
RATIONALE: This answer is correct because social engineering often involves exploiting the trust relationship between
authorized users or other trusted sources and the system administrators or users, thereby gaining access to protected
data systems. By pretending to be someone trusted, the attacker can manipulate the system's access controls and gain
illicit access, highlighting the importance of verifying authenticity and identity in security protocols.
QUESTION 5
Who should report any suspected security incident?
CORRECT ANSWER
All personnel
RATIONALE: "All personnel" is the correct answer because it emphasizes the importance of having a collective
responsibility for reporting security incidents, rather than relying solely on designated personnel. This approach ensures
that security incidents are reported promptly and effectively, as anyone who witnesses or discovers an incident can
immediately notify their colleagues or superiors.
QUESTION 6
Hard copies of CJI data should be ________when no longer required.
CORRECT ANSWER
physically destroyed
Trusted by thousands of students and professionals worldwide
Page 2 of 7
25+ (Fully Updated 2026) Exam Questions + Verified & Rationalized
Answers | A+ Graded
100% Guarantee Pass
📋 DOCUMENT OVERVIEW 25 Qs
This document, "Level 2 CJIS Security Test," covers specific topics related to CJIS (Criminal Justice
Information Services) security policies, including security training, incident response, data protection,
social engineering, and access control. The document provides a comprehensive review of these
concepts, with 25 questions each including the correct answer and detailed explanation/rationale. It can
be used for studying, reviewing, and understanding CJIS security concepts, enabling students to prepare
effectively for exams and assessments.
✓ Verified Answers ✓ Exam Ready ✓ Study Guide
Trusted by thousands of students and professionals worldwide
EXAM QUESTIONS
QUESTION 1
The CJIS Security Policy outlines the minimum requirements. Each criminal justice agency is
encouraged to develop internal security training that defines local and agency specific policies and
procedures.
CORRECT ANSWER
True
RATIONALE: The phrase "outlines the minimum requirements" implies that agencies have flexibility to implement more
stringent security protocols beyond the base level mandated by the CJIS Security Policy. Therefore, it's logical to assume
that agencies are permitted to establish their own, more specific policies and procedures.
QUESTION 2
What agencies should have written policy describing the actions to be taken in the event of a security
incident?
CORRECT ANSWER
Every agency accessing CJI
Trusted by thousands of students and professionals worldwide Page 1 of 7
, RATIONALE: This answer is correct because CJI (Criminal Justice Information) systems contain sensitive and protected
personally identifiable information, making it essential for all agencies accessing such information to have a written policy
outlining the necessary procedures in the event of a security incident. By having a standardized policy, agencies can
ensure the continuity of operations, protect sensitive information, and comply with relevant laws and regulations.
QUESTION 3
Criminal History Record Information (CHRI) is arrest-based data and any derivative information from
that record.
CORRECT ANSWER
True
RATIONALE: The term "True" is correct because CHRI is typically defined and governed by laws and regulations that
distinguish it from other types of criminal data, such as convictions or convictions-based data. This distinction is rooted in
the idea that CHRI captures the entirety of an individual's arrest history, including those that did not result in convictions,
making it an arrest-based system.
QUESTION 4
During social engineering, someone pretends to be ________ in an attempt to gain illicit access to
protected data systems.
CORRECT ANSWER
an authorized user or other trusted source
RATIONALE: This answer is correct because social engineering often involves exploiting the trust relationship between
authorized users or other trusted sources and the system administrators or users, thereby gaining access to protected
data systems. By pretending to be someone trusted, the attacker can manipulate the system's access controls and gain
illicit access, highlighting the importance of verifying authenticity and identity in security protocols.
QUESTION 5
Who should report any suspected security incident?
CORRECT ANSWER
All personnel
RATIONALE: "All personnel" is the correct answer because it emphasizes the importance of having a collective
responsibility for reporting security incidents, rather than relying solely on designated personnel. This approach ensures
that security incidents are reported promptly and effectively, as anyone who witnesses or discovers an incident can
immediately notify their colleagues or superiors.
QUESTION 6
Hard copies of CJI data should be ________when no longer required.
CORRECT ANSWER
physically destroyed
Trusted by thousands of students and professionals worldwide
Page 2 of 7
