1|Page
CJIS SECURITY TEST WITH 100+ QUESTIONS AND
CORRECT ANSWERS FOR EXAM PREP/ CJIS
SECURITY EXAM 2025 PRACTICE QS AND AS
(BRAND NEW!)
The CJIS Security Policy outlines the minimum
requirements. Each criminal justice agency is encouraged
to develop internal security training that defines local and
agency specific policies and procedures. -
...ANSWER...✓✓True
What agencies should have written policy describing the
actions to be taken in the event of a security incident? -
...ANSWER...✓✓Every agency accessing CJI
Criminal History Record Information (CHRI) is arrest-
based data and any derivative information from that
record. - ...ANSWER...✓✓True
During social engineering, someone pretends to be
________ in an attempt to gain illicit access to protected
data systems. - ...ANSWER...✓✓an authorized user or
other trusted source
,2|Page
Who should report any suspected security incident? -
...ANSWER...✓✓All personnel
Hard copies of CJI data should be ________when no longer
required. - ...ANSWER...✓✓physically destroyed
Users do not need to log off of the software/system at the
end of the shift or when another operator wants to use
the software/system. - ...ANSWER...✓✓False
Agencies are not required to develop and publish internal
information security policies, including penalties for
misuse. - ...ANSWER...✓✓False
Custodial workers that access the terminal area must
have a fingerprint background check done and training
unless they are escorted in these areas. -
...ANSWER...✓✓True
Training for appropriate personnel would include people
who read criminal histories but do not have a NCIC
workstation of their own. - ...ANSWER...✓✓True
,3|Page
FBI CJI data may be shared with close friends. -
...ANSWER...✓✓False
FBI CJI data is any data derived from the national CJIS
Division systems. - ...ANSWER...✓✓True
You should never email Criminal Justice Information(CJI)
unless your agency's email system meets all the
requirements outlined in the latest CJIS Security policy. -
...ANSWER...✓✓True
FBI CJI data must be safeguarded to prevent: -
...ANSWER...✓✓all of the above
A security incident is a violation or attempted violation of
the FBI CJIS Security Policy or other security policy that
would threaten the confidentiality, integrity or availability
of FBI or State CJI data. - ...ANSWER...✓✓True
A physically secure location is a facility, a criminal justice
conveyance, or an area, a room, or a group of rooms
within a facility with both the physical and personnel
, 4|Page
security controls sufficient to protect CJI and associated
information systems. - ...ANSWER...✓✓True
Sometimes you may only see indicators of a security
incident. - ...ANSWER...✓✓True
All persons who have access to CJI are required to have
security training within _____ months of assignment. -
...ANSWER...✓✓6
Training for appropriate personnel would include vendors
who develop software for NCIC access. -
...ANSWER...✓✓True
Interstate Identification Index (III), known as 'Triple I', is a
'pointer' system for the interstate exchange of criminal
history record information. - ...ANSWER...✓✓True
All persons who have direct access to FBI CJI data and all
appropriate Information Technology (IT) personnel
(including vendors) shall receive security awareness
training on a biennial basis. - ...ANSWER...✓✓True
CJIS SECURITY TEST WITH 100+ QUESTIONS AND
CORRECT ANSWERS FOR EXAM PREP/ CJIS
SECURITY EXAM 2025 PRACTICE QS AND AS
(BRAND NEW!)
The CJIS Security Policy outlines the minimum
requirements. Each criminal justice agency is encouraged
to develop internal security training that defines local and
agency specific policies and procedures. -
...ANSWER...✓✓True
What agencies should have written policy describing the
actions to be taken in the event of a security incident? -
...ANSWER...✓✓Every agency accessing CJI
Criminal History Record Information (CHRI) is arrest-
based data and any derivative information from that
record. - ...ANSWER...✓✓True
During social engineering, someone pretends to be
________ in an attempt to gain illicit access to protected
data systems. - ...ANSWER...✓✓an authorized user or
other trusted source
,2|Page
Who should report any suspected security incident? -
...ANSWER...✓✓All personnel
Hard copies of CJI data should be ________when no longer
required. - ...ANSWER...✓✓physically destroyed
Users do not need to log off of the software/system at the
end of the shift or when another operator wants to use
the software/system. - ...ANSWER...✓✓False
Agencies are not required to develop and publish internal
information security policies, including penalties for
misuse. - ...ANSWER...✓✓False
Custodial workers that access the terminal area must
have a fingerprint background check done and training
unless they are escorted in these areas. -
...ANSWER...✓✓True
Training for appropriate personnel would include people
who read criminal histories but do not have a NCIC
workstation of their own. - ...ANSWER...✓✓True
,3|Page
FBI CJI data may be shared with close friends. -
...ANSWER...✓✓False
FBI CJI data is any data derived from the national CJIS
Division systems. - ...ANSWER...✓✓True
You should never email Criminal Justice Information(CJI)
unless your agency's email system meets all the
requirements outlined in the latest CJIS Security policy. -
...ANSWER...✓✓True
FBI CJI data must be safeguarded to prevent: -
...ANSWER...✓✓all of the above
A security incident is a violation or attempted violation of
the FBI CJIS Security Policy or other security policy that
would threaten the confidentiality, integrity or availability
of FBI or State CJI data. - ...ANSWER...✓✓True
A physically secure location is a facility, a criminal justice
conveyance, or an area, a room, or a group of rooms
within a facility with both the physical and personnel
, 4|Page
security controls sufficient to protect CJI and associated
information systems. - ...ANSWER...✓✓True
Sometimes you may only see indicators of a security
incident. - ...ANSWER...✓✓True
All persons who have access to CJI are required to have
security training within _____ months of assignment. -
...ANSWER...✓✓6
Training for appropriate personnel would include vendors
who develop software for NCIC access. -
...ANSWER...✓✓True
Interstate Identification Index (III), known as 'Triple I', is a
'pointer' system for the interstate exchange of criminal
history record information. - ...ANSWER...✓✓True
All persons who have direct access to FBI CJI data and all
appropriate Information Technology (IT) personnel
(including vendors) shall receive security awareness
training on a biennial basis. - ...ANSWER...✓✓True
