Level 2 CJIS Security Test | 100% Correct |
Verified | 2024 Version
The CJIS Security Policy outlines the minimum requirements. Each criminal justice agency is encouraged
to develop internal security training that defines local and agency specific policies and procedures. -
✔✔True
What agencies should have written policy describing the actions to be taken in the event of a security
incident? - ✔✔Every agency accessing CJI
Criminal History Record Information (CHRI) is arrest-based data and any derivative information from that
record. - ✔✔True
During social engineering, someone pretends to be ________ in an attempt to gain illicit access to
protected data systems. - ✔✔an authorized user or other trusted source
Who should report any suspected security incident? - ✔✔All personnel
Hard copies of CJI data should be ________when no longer required. - ✔✔physically destroyed
Users do not need to log off of the software/system at the end of the shift or when another operator
wants to use the software/system. - ✔✔False
Agencies are not required to develop and publish internal information security policies, including
penalties for misuse. - ✔✔False
Custodial workers that access the terminal area must have a fingerprint background check done and
training unless they are escorted in these areas. - ✔✔True
Training for appropriate personnel would include people who read criminal histories but do not have a
NCIC workstation of their own. - ✔✔True
Verified | 2024 Version
The CJIS Security Policy outlines the minimum requirements. Each criminal justice agency is encouraged
to develop internal security training that defines local and agency specific policies and procedures. -
✔✔True
What agencies should have written policy describing the actions to be taken in the event of a security
incident? - ✔✔Every agency accessing CJI
Criminal History Record Information (CHRI) is arrest-based data and any derivative information from that
record. - ✔✔True
During social engineering, someone pretends to be ________ in an attempt to gain illicit access to
protected data systems. - ✔✔an authorized user or other trusted source
Who should report any suspected security incident? - ✔✔All personnel
Hard copies of CJI data should be ________when no longer required. - ✔✔physically destroyed
Users do not need to log off of the software/system at the end of the shift or when another operator
wants to use the software/system. - ✔✔False
Agencies are not required to develop and publish internal information security policies, including
penalties for misuse. - ✔✔False
Custodial workers that access the terminal area must have a fingerprint background check done and
training unless they are escorted in these areas. - ✔✔True
Training for appropriate personnel would include people who read criminal histories but do not have a
NCIC workstation of their own. - ✔✔True
