Level 2 CJIS Security Test
The CJIS Security Policy outlines the minimum requirements. Each criminal justice
agency is encouraged to develop internal security training that defines local and agency
specific policies and procedures. - ANS-True
What agencies should have written policy describing the actions to be taken in the event
of a security incident? - ANS-Every agency accessing CJI
Criminal History Record Information (CHRI) is arrest-based data and any derivative
information from that record. - ANS-True
During social engineering, someone pretends to be ________ in an attempt to gain illicit
access to protected data systems. - ANS-an authorized user or other trusted source
Who should report any suspected security incident? - ANS-All personnel
Hard copies of CJI data should be ________when no longer required. - ANS-physically
destroyed
Users do not need to log off of the software/system at the end of the shift or when
another operator wants to use the software/system. - ANS-False
Agencies are not required to develop and publish internal information security policies,
including penalties for misuse. - ANS-False
Custodial workers that access the terminal area must have a fingerprint background
check done and training unless they are escorted in these areas. - ANS-True
Training for appropriate personnel would include people who read criminal histories but
do not have a NCIC workstation of their own. - ANS-True
FBI CJI data may be shared with close friends. - ANS-False
FBI CJI data is any data derived from the national CJIS Division systems. - ANS-True
The CJIS Security Policy outlines the minimum requirements. Each criminal justice
agency is encouraged to develop internal security training that defines local and agency
specific policies and procedures. - ANS-True
What agencies should have written policy describing the actions to be taken in the event
of a security incident? - ANS-Every agency accessing CJI
Criminal History Record Information (CHRI) is arrest-based data and any derivative
information from that record. - ANS-True
During social engineering, someone pretends to be ________ in an attempt to gain illicit
access to protected data systems. - ANS-an authorized user or other trusted source
Who should report any suspected security incident? - ANS-All personnel
Hard copies of CJI data should be ________when no longer required. - ANS-physically
destroyed
Users do not need to log off of the software/system at the end of the shift or when
another operator wants to use the software/system. - ANS-False
Agencies are not required to develop and publish internal information security policies,
including penalties for misuse. - ANS-False
Custodial workers that access the terminal area must have a fingerprint background
check done and training unless they are escorted in these areas. - ANS-True
Training for appropriate personnel would include people who read criminal histories but
do not have a NCIC workstation of their own. - ANS-True
FBI CJI data may be shared with close friends. - ANS-False
FBI CJI data is any data derived from the national CJIS Division systems. - ANS-True
