Cyber Security Quiz

Sl no | QUESTION | ANSWER

1 | Which of the following is not a cybercrime? | AES
2 | In the event a laptop/device is stolen or lost, the concerned staff shall not inform bank or file FIR. | FALSE
3 | ____ is the device which secretly collects data from credit/debit cards | Card skimmer
4 | _________ is the protection of smart phones, phablets, tablets and other portable tech-devices & the network to which they connect, from threats & bugs | Mobile Security
5 | _____________ will encrypt all your system files and will ask you to pay a ransom in order to decrypt all the files and unlock the system. | Ransomware
6 | All of the following are examples of real security and privacy risks EXCEPT: | spam
7 | Any Bank's information classified as "secret" or "confidential" should not be stored on any POD is True or False? | TRUE
8 | At home you log in to a social media site and one of your friends asks for your email id? | You give your personal email id
9 | AVAILABILITY of information implies | Information being available when required by a business process
10 | Clicking a link which is there in your email which came from an unknown source can redirect you to ____ that automatically installs malware in your system | Malicious site
11 | Cracking digital identity of any individual or doing identity theft comes under ___ of IT Act | Section 66
12 | Data _____ is used to ensure confidentiality | Encryption
13 | Employees visiting other offices should carry and display their ________. | Office ID card
14 | End Point protection is primarily focused around deployment on | All the above (Desktop/Laptop/Phones)
15 | Every Internet Banking user should know that the SBI or RBI or Government of India will never ask for | All of the above
16 | Information security is the responsibility of | everyone
17 | Internet may be used for personal purpose within organisation | No
18 | Lack of access control policy is a _____________ | Vulnerability
19 | License of MS office can be used to activate product in personal desktop? | TRUE
20 | Malware or malicious software is any program or file that is harmful to a computer user. Types of malware can include? | All the above (Computer Virus/ Worms/ Trojan horse)
21 | Malware stands for? | Malicious software
22 | Mobile computing devices must not be tagged to reveal that the device belongs to the Bank | TRUE
23 | The function of firewall is | to prevent a system from unauthorized access
24 | The Three steps of data loss prevention are ? ________ | Identity, Discover and Classify
25 | To share Vulnerability closure report with auditor, Manu used public WiFi available in hotel. Identify the potential security risk in this scenario | All the above
26 | User should ______ their desktop and laptop screens before leaving them unattended for short duration | Lock
27 | What are the e-mail archiving best practices? | All the above (Good performance and user experience / high fidelity and data quality / Data security)
28 | What is an incremental backup? | A backup of all changed files since the last full backup
29 | What is primary goal and objective of Cyber Infrastructure | CIA - All the above
30 | Which are the Security best practices to be followed? | All the above
31 | Which authority provides approval for e-mail access and configuration of Mail Box Size | DGM
32 | Which is Bank wide application available for privileged user password vaulting? | PIMS
33 | Which method used by hacker relies on trusting nature of the person being attacked | Social Engineering
34 | Which of the below is not best practice for desktops | Desktop may have un-approved software running
35 | Which of the below is not used for Multi-factor authentication | Something you do
36 | Which of the following is an example of passive attack? | Search about target records in online people database
37 | Which of the following is not a spot from where attackers seek information. | Document files
38 | Which of the following is the hacking approach where cyber criminals design fake website or pages for tricking or gaining additional traffic? | Phishing
39 | Which of the following is the preventive method against identity theft | User should set browser Security setting to medium/high
40 | Which of the following refers to a series of characters used to verify a user's identity? | Password
41 | X has been defined as? Any act that influences a person to take any action that may or may not be in their best interests? Basically it is the psychological manipulation of people into performing actions or divulging confidential information. What is X? | Social Engineering
42 | Which of them is not a scanning methodology? | Identifying of services
43 | What is DDoS? | Distributed Denial of Service
44 | A __ attack is one of the simplest processes of gaining access to any password protected system | Brute Force
45 | Which of the following is true regarding secure password? | Random passwords are the strongest
46 | Which will be encompassing Strongest Password? | All
47 | __ deals with the protection of an individual’s information which is implemented while using the Internet on any computer or personal device | Digital privacy
48 | Which of the following is not recommended as per bank’s password security policy? | Password should be kept in written copy to remember
49 | For the verification of Digital Signature you should check | Both A or B
50 | Internet may be used for personal purpose within organization? | FALSE
51 | We should maintain a count of the physical security incidents on critical areas TRUE or False? | TRUE
52 | Which of the following are the best practices to be followed while using bank's systems | All sensitive data should be secured
53 | Which of the following statements is True? | Users should not subscribe to any mailing lists/ internet websites/ Internet newsgroup/ discussion board using the Bank's official email account.
54 | Identify the element which is not considered in the triad, according to the CIA. | Authenticity
55 | What type of passwords one can choose? | One should always use strong passwords (combination of alphabets, numbers and special characters) and very easy to remember.
56 | A user uses a portable device and it contains some useful information for business. Who is responsible for the security of this information? | User
57 | Which of the below is not used for Multi-factor authentication | Something you do
58 | ______ means the protection of data from modification by unknown users. | Confidentiality
59 | Which of the following is not a strong security protocol? | SMTP
60 | If an email promises a lottery of USD 25 million on payment of 1 % charges as processing fee, we should | Do not respond to such mails as these are bogus emails.
61 | Security Incidents can be logged into which portal? | Archer Portal
62 | In case misuse of Internet facility is detected, Bank reserves the right to | Both (a) & (b)
63 | Use of _______________ can bring external files and worms and virus along with it to the internal systems. | pen drive
64 | Which of the following tools are not used in the Bank in order to ensure endpoint security | MS Teams
65 | The ____________ transferred between your device & the server is securely encrypted if you are using VPNs. | data
66 | While browsing news website, Golu was tricked to click on a benign link to vote on winning prediction of Indian team. After few days, important information of company which was available on Golu's system got leaked. In cyber investigation, it was found that it was a successful Cross-Site Scripting (XSS) attack in which malicious scripts got downloaded on Golu's system and that led to data exfiltration. The best way(s) to avoid this can be? | Both B and C
67 | Technology no longer protected by copyright, available to everyone, is considered to be: | proprietary
68 | License of MS office can be used to activate product in personal desktop? | TRUE
69 | Sending offensive message to someone comes under _______ of the Indian IT Act. | Section 67, 2000
70 | Which of the following is not on OWASP’s top 10 web application security risks? | Noncompliance
71 | Power points for ATM in the onsite ATM should | Not be accessible to public
72 | eWaste generated by branches/RBO’s/LHOs/Corporate Center/C.C. establishments should be channelized through | All of the above
73 | The security of a system can be approved by | both a & b
74 | Why is it important for the employer to intercept or monitor email usage of the employee? | All of the above
75 | How should be the PII/sensitive details stored in Bank’s asset | Stored using secure password protected form
76 | X is an algorithm on a computer system that bypasses security controls. Generally, this is added by the original developer for some legitimate access, which may also be used by a hacker in a malicious way. What is this form of vulnerability called? | Backdoor
77 | Which of them is not a scanning tool? | Nexpose
78 | Internet can be accessed from your branch/office desktop through | Bank’s Centralized internet proxy
79 | Which one of the following refers to the technique used for verifying the integrity of the message | Message digest
80 | Which are the security best practices to be followed | All of the above
81 | One who disclosed information to public of a company, organisation from govt and private agencies and He/She is the member of employee of that organisation | Whistleblower
82 | What is meant by term spamming | Unsolicited emails to large number of users
83 | Key logger is a/an | Spyware
84 | Clear pass NAC agent check compliance for which of the following | All of the above
85 | _____ is a naming given to different computers which adapt to human readable domain names. | DNS
86 | If a user knows that his internet banking account credentials is stolen, he can protect his account by | Either a or b
87 | What is 'S' in HTTPS | Secure
88 | Which of the following are valid class of file | Class A,B,C,D,K
89 | CERT-In represents | Computer emergency response team India
90 | In a forensic investigation reserves the right to seize and forensically examine any POD believed to contain, or to have contained, bank’s data where necessary for investigatory or regulatory control purposes is true or false? | TRUE
91 | Spywares can be used to steal ______ from the attacker’s browser | Browsing history
92 | Any digital content which any individual creates and is not acceptable to the society, it's a cyber crime that comes under | Section 67
93 | INTEGRITY of information implies | Accuracy and completeness of information
94 | To share vulnerability closure report with auditor, Manu used public WiFi available in hotel. Identify the potential security risk in this scenario | All of the above are the genuine risks associated in this case
95 | Which will be encompassing strongest password | All of the above together
96 | Authorization for multiple applications using one set of credentials is best described by which of the following | Single Sign-on
97 | All of these are good social media interaction practices except? | D. Users may express authority using the name of the Bank while expressing any views in any of the internet sites/social media.
98 | In a forensic investigation what includes Reserve the Right to control its information? | All of the above
99 | Which of the following is true regarding secure password? | None of the above
100 | What type of passwords one can choose? | One should always use strong passwords (combination of alphabet, numbers, and special characters) and very easy to remember
101 | This is the conversion of data into a ciphertext that cannot be easily understood by unauthorized people | encryption
102 | Who deploy Malwares to a system or network? | Criminal organization, Black hat hackers, malware developers, cyber-terrorists
103 | In which phase, the hackers install backdoors so that his/her ownership with the victim's system can be retained later? | Covering tracks
104 | For the visit of vendors what are the preferable documents are requested for him/her to enter the premises (Select most appropriate) | Both A or B
105 | Back up and retention should be decided based on | All of the above
106 | ______ is the practice and precaution taken to protect valuable information from unauthorised access, recording, disclosure or destruction | Information security
107 | Any cyber-crime that comes under section 66 of IT Act, the person gets fined of amount Rs | 5 lakhs
108 | Which of the following is not an advantage of cyber security? | Protects system against viruses
109 | Physical security is provided for | Both a and b
110 | Which of the following is not done in gaining access phase? | Buffer overflow/Tunnelling
111 | Which of the following is a good practice? | Grant limited permission to specified account
112 | Ideally, what characters should you use in a password to make it strong? | All of the above
113 | The security of a system can be improved by | Both a and b
114 | By using ______ you can diminish the chance of data leakage | Cryptography
115 | User should safeguard private key by which of the following method | Either a or b
116 | Which of the following is the hacking approach where cyber-criminals design fake websites or pages for tricking or gaining additional traffic? | Pharming
117 | The user logs a ticket for reporting issues related to AVS solution. The user can log a case or incident in multiple ways: | All of the above
118 | ________ involves scams where an individual (usually an attacker) lies to a person (the target victim) to acquire privileged data | Pretexting
119 | Mr. A is a bank officer and he is often browsing malicious websites downloading from p2p file sharing networks. What is the risk and what action bank can take? | Unauthorized copying of files is a threat as it may lead to loss of confidential information. Downloading unauthorized software or using p2p programs may introduce malware into the organisation, leading to theft of information or loss of system availability. Bank reserves the right to terminate/disable any email account within its purview under suspicion of in case it detects potential misuse of the account.
120 | Which of these answers describes the best way to protect against 'tech support' scams | All of the above
121 | What is the difference between DevOps and DevSecOps | DevSecOps places security controls in the CI/CD process of DevOps
122 | IP Address of non-ADS machines and machines without anti-virus, if any, should be advised to _____ dept through email addressed to _____ | PE2, [email protected]
123 | Which of the following is not a strong security protocol? | SMTPs
124 | Which of the following is the least strong security encryption standard? | WEP
125 | __________ and _____ are kept in a well ventilated environment | UPS, Batteries
126 | Which of the following do not come under social engineering? | Tailgating
127 | Which is the most appropriate method to prevent unauthorized access to your desktop if you are leaving your work station for a short duration | Lock the desktop using Windows key+L
128 | ___________ is the combined term which encompasses 3 sub-pillars; information privacy, individual privacy and communication privacy | Digital privacy
129 | You need to access an internet site which is unofficial which is not opening in the branch desktop? What will you do? | Refrain from doing anyone of the above as they are against Bank Policy
130 | _________ are deadly exploits where the vulnerability is known and found by cyber but not known and fixed by the owner of that application? | Zero-day exploits
131 | User should protect their password from unauthorised access. The statement is | TRUE
132 | Attackers commonly target __________ for fetching IP Address of a target or victim user | Websites
133 | License of MS office can be used to activate product in personal desktop? | TRUE
134 | Which is not a threat modeling methodology? | TOGAF
135 | Technology no longer protected by copyright, available to everyone, is considered to be: | In the public domain
136 | What are the required elements to be present in identity card? | All of the above
137 | From the options below, which of them is not a vulnerability to information technology? | Flood
138 | Which platform is being used to raise ISD In-principle approval and final security review in the bank | CSR Portal
139 | ________ is a property of access control of multiple related, yet independent, software systems. | Single Sign-on
140 | Which of the following is NOT the major aspect of protecting information? | Convenience
141 | Which authority provides approval for the e-mail access and configuration of mailbox size? | DGM
142 | Select from the following that will help us for the secure disposal of data? (question incomplete) | Obsolete documents/papers should be destroyed/shredded using secure measures and preparing and keeping a list of such documents.
143 | Obsolete papers and computer media which are no longer in use (question incomplete) | Shredded
144 | _______ is a component of the reconnaissance stage that is used to gather possible information for a target computer system or network. | Footprinting
145 | What are the two main approaches used to determine the likelihood threat occurring (question incomplete) | Qualitative and quantitative
146 | You have a highly sensitive document which you need to email to a trusted third-party. What is the safest way to send this? | Encrypt the document first. Then send the password to the third-party using a different communication method, such as SMS (INCOMPLETE)
147 | _______ provides an isolated tunnel across a public network for sending and receiving data privately as if the computing devices were directly connected to the private network. | Virtual Private Network
148 | Undertaking for eWaste to be submitted by vendors to DC&C, what intervals (incomplete) | Annually
149 | URL address of Bank's Internet banking site is https://www.onlinesbi.com. Letter S in the 'https' denotes | Secure
150 | Which of the following is the strongest security encryption standard? | WPA2
151 | Where should you store the encryption passphrase for your laptop? | Use the password management tool supplied/authorised by your organisation
152 | _________ is the illicit transmission of data from inside an organisation or personal system to an external location or recipient. | Data leakage
153 | Information Security awareness training should be imparted | All of the above
154 | What all policies are available to the end users to report security violations | Both A&B
155 | ___________ is a scenario when information is accessed without authorization. | Data breach
156 | Select the Phishing Schemes that apply to the following email: From: [email protected] Subject: Account Status Dear Valued customer, Urgent Kind Attention SBI Bank Customer Due to a recent security check on your account porformed by R.B.I, we require you to confirm details. Failure to do so within 24 hours will lead to account suspension. Sorry for the inconvenience. Click here to confirm your ACCOUNT Regards, SBI Online Customer Service This email has been sent by SBI Bank | Both option A and B
