CJIS CJIS Configuration Management & System Protection

Question 1

Under the CJIS Security Policy, which document must be maintained to record the approved baseline configuration of a system accessing CJIS data?

Accepted Answer

Configuration Management Plan (CMP)

Answer

A Configuration Management Plan documents the approved baseline configuration and procedures for managing changes to systems that access CJIS data.

Question 2

What is the primary purpose of establishing a configuration baseline for systems that access CJIS data?

Accepted Answer

To provide a known secure starting point for detecting unauthorized changes

Answer

A configuration baseline establishes a known secure state so that unauthorized or risky changes can be detected and remediated quickly.

Question 3

Which CJIS Security Policy requirement mandates that agencies identify and document hardware and software components of systems that store, process, or transmit CJIS data?

Accepted Answer

Configuration Management and Change Control

Answer

The Configuration Management and Change Control requirement mandates that agencies maintain an inventory of hardware and software components handling CJIS data.

Question 4

Before deploying a change to a system that accesses CJIS data, what step is required under CJIS configuration management policy?

Accepted Answer

Testing the change in an isolated environment and documenting approval

Answer

CJIS policy requires that changes be tested and formally approved before deployment to prevent unauthorized or untested modifications from affecting system security.

Question 5

Under CJIS policy, what should agencies do with software that is no longer supported by its vendor (end-of-life)?

Accepted Answer

Remove or replace it to eliminate unpatched vulnerabilities

Answer

End-of-life software must be removed or replaced because it no longer receives security patches, creating exploitable vulnerabilities in CJIS environments.

(CJIS) Criminal Justice Information Services Certified Practice Test

(CJIS) Criminal Justice Information Services Certified Practice Test

CJIS CJIS Configuration Management & System Protection