CJIS CJIS Configuration Management & System Protection

Question 1

Under the CJIS Security Policy, which document must be maintained to record the approved baseline configuration of a system accessing CJIS data?

Accepted Answer

Configuration Management Plan (CMP)

Answer

System Risk Register

Answer

System Security Plan (SSP)

Answer

Security Assessment Report (SAR)

Question 2

What is the primary purpose of establishing a configuration baseline for systems that access CJIS data?

Accepted Answer

To provide a known secure starting point for detecting unauthorized changes

Answer

To reduce software licensing costs

Answer

To document user access permissions

Answer

To satisfy state government budget reporting requirements

Question 3

Which CJIS Security Policy requirement mandates that agencies identify and document hardware and software components of systems that store, process, or transmit CJIS data?

Accepted Answer

Configuration Management and Change Control

Answer

Identification and Authentication policy

Answer

Audit and Accountability policy

Answer

Physical Protection policy

Question 4

Before deploying a change to a system that accesses CJIS data, what step is required under CJIS configuration management policy?

Accepted Answer

Testing the change in an isolated environment and documenting approval

Answer

Notifying all end users via email

Answer

Receiving written consent from the record subject

Answer

Submitting a change request to the FBI CJIS Division

Question 5

Under CJIS policy, what should agencies do with software that is no longer supported by its vendor (end-of-life)?

Accepted Answer

Remove or replace it to eliminate unpatched vulnerabilities

Answer

Continue using it with additional network monitoring

Answer

Obtain a waiver from the state CJIS Systems Officer

Answer

Isolate it on a dedicated VLAN and continue operations

Question 6

What is the recommended practice for managing default passwords on systems or devices that access CJIS data?

Accepted Answer

Change all default passwords immediately upon deployment

Answer

Document and archive default passwords in a secure vault

Answer

Disable password authentication and use biometrics only

Answer

Retain default passwords for vendor-support purposes