Sample Question On Cyber Security

This document contains a sample questionnaire on cyber security with 20 multiple choice questions covering topics like passwords, cyber attacks, malware, firewalls, phishing, social engineering, and cyber security objectives. The questions assess knowledge on how to create strong passwords, risks of reusing passwords or clicking unknown links, definitions of malware types like viruses and spyware, purposes of antivirus software and firewalls, common cyber attacks like phishing and social engineering, and objectives of cyber security like confidentiality, integrity and availability.

Uploaded by

Ishaan Arf

Sample Question on Cyber Security

1. Strong passwords can be difficult to remember. What can you do to avoid forgetting them?
o A. Use mnemonics (acronyms or phrases that are easy for you to remember)
o B. Develop a password strategy
o C. Use password management software with encryption.
o D. All of the above

2. I have a really strong password, so I should be able to use it for years. True or
False?
o A. True
o B. False

3. 'Remember me' functions in Web browsers or other applications are unsafe and should be avoided. True or False?
o A. True
o B. False

4. Ideally, what characters should you use in a password to make it strong?

A. Letters and Numbers only
B. Mixed Case (Upper and Lower) Characters
C. Special Characters
D. All of the above

5. Which of the following usually observes each activity of the victim on the internet,
gathers all information in the background, and sends it to someone else?
a. Malware
b. Spyware
c. Adware
d. All of the above

6. _______ is a type of software designed to help the user's computer detect viruses
and avoid them.
a. Malware
b. Adware
c. Antivirus
d. Both B and C

7. It can be a software program or a hardware device that filters all data packets
coming through the internet, a network, etc. It is known as the _______:
a. Antivirus
b. Firewall
c. Cookies
d. Malware

8. What is Cyber Security?

a) Cyber Security provides security against malware
b) Cyber Security provides security against cyber-terrorists
c) Cyber Security protects a system from cyber attacks
d) All of the mentioned

9. Which of the following is an objective of cyber security?

a) Confidentiality
b) Integrity
c) Availability
d) All of the above

10. Governments hire some highly skilled hackers to provide cyber security for
the country or state. These types of hackers are termed _______

a) Nation / State sponsored hackers
b) CIA triad
c) Special Hackers
d) Government Hackers

11. What is the existence of a weakness in a system or network known as?

a) Attack
b) Exploit
c) Vulnerability
d) Threat

12. In phishing, attackers target the ________ technology to do social engineering.

a) Emails
b) WI-FI network
c) Operating systems
d) Surveillance camera

13. Physical hacking is not at all possible in hospitals, banks, private firms, and
non-profit organizations.

a) True
b) False

14. Stealing pen drives and DVDs after tailgating is an example of lack of _______
security.

a) network security
b) physical security
c) database security
d) wireless security

15. _____________ is a famous technological medium for the spread of malware, facing
problems of spam, & phishing attacks.

a) Cloud
b) Pen drive
c) Website
d) Email

16. Which of them is not a proper method for email security?

a) Use Strong password
b) Use email Encryption
c) Spam filters and malware scanners
d) Click on unknown links to explore

17. Which of the following is a non-technical type of intrusion or attack technique?

a) Reverse Engineering
b) Malware Analysis
c) Social Engineering
d) Malware Writing

18. _____________ is the technique used for tricking users into disclosing their usernames and
passwords through fake pages.

a) Social Engineering
b) Phishing
c) Cookie Stealing
d) Banner Grabbing

19. ____________ gets propagated through networks and technologies like SMS,
Bluetooth, wireless medium, USBs and infrared to affect mobile phones.

a) Worms
b) Antivirus
c) Malware
d) Multimedia files

20. App permissions can cause trouble as some apps may secretly access your
memory card or contact data.

a) True
b) False

21. Activate _____________ when you are required to use it; otherwise turn it off for
security purposes.

a) Flash Light
b) App updates
c) Bluetooth
d) Rotation

1. As you are an employee of Islami Bank Bangladesh Limited, you use the official mail
regularly. You got an email from your Branch Manager asking for the Full Name of a
customer along with Credit Card number and Expiry date of the top client on urgent
basis else you will get a punishment memo. What will you do at first?

Choose any two:

□ Reply right away by providing all the information.
□ Check the mail address whether it is from islamibankbd.com domain
□ Verify it whether Branch Manager mailed you or not.
□ You must report HR.

2. You got a mail from Branch Manager asking you to click on a link to renew your
password so that you can log in to eIBS. What will you do?

□ Reply to the text to confirm that you really need to renew your password.
□ Pick up the phone and call the Branch Manager, using a phone
number you know to be correct, to confirm that the request is real.
□ Click on the link. If it takes you to the website, then you’ll know it’s not a
scam.

3. A phishing attack can harm your personal computer only, but not your company’s
network.

□ True
□ False

4. Mr. H is your best friend. You recently mailed him your personal issues from your
official mail. After a few days, Mr. H mailed you, “Please Open This Photo”. It was
highlighted in blue and underlined. When you clicked, you were directed
to a link named www.lbbleibs.com, and it asked you to log in.

a) You provided your username and password. It said the password was wrong
and directed you to the original link, which again asked you to provide your
username and password. After providing the exact same password, you were able
to log in. What actually happened?

□ Your username & password were stored in the hacker's database.
□ Your username & password were wrong.

b) You are working with eIBS and suddenly your account is logged out. When
you try to log in with your username & password, it says, “Your
password is wrong.” What shall you do first?

□ Ask Branch Admin to reset your password immediately.
□ Restart your computer.
□ Break your Keyboard
□ You visit tea room to drink tea.

c) You have received an alert from the IBBL Security Operation Center (iSOC) regarding
a visit to a malicious website, i.e. www.lbbleibs.com, warning you not to visit this
kind of website, which contains different types of malware, adware,
ransomware, etc. What will you do?

□ Shout at the Officer who gave you the alert.
□ Complain about the Officer.
□ Accept your mistake and browse carefully from next time.
□ Warn the Officer not to check your computer again.

d) Suppose the iSOC team informed the ICT Wing head about the visit to the malicious
website www.lbbleibs.com. The ICT Wing head assigned a security officer,
and the security officer told you that the mail address of Mr. H was
[email protected]. He also informed you that the first time, you visited
www.lbbleibs.com, where the first letter is L. From your account, 1 crore taka has
been transferred to a different account. You said you didn’t know, as you thought
it was a problem with eIBS. From the case, what was the mistake? Choose any
three:

□ Your conversation with your best friend by using official mail.
□ iSOC didn’t provide the report about the transfer.
□ You didn’t verify the mail address of phishing mail.
□ You clicked the Please Open This Photo with blue colored
underlined text.
□ Security Officer didn't check the website where you provided the
password.
□ You didn't break your monitor.

5. Suppose you are a Branch Manager of a Branch of Islami Bank Bangladesh Limited
and you got a mail like below:

CONGRATULATIONS...............................

We are delighted to inform you of your prize release on the 21st September, 2022
from the Central Bank Lottery programmer. Which is fully based on an electronic
selection of winners using their e-mail addresses, your name was attached to ticket
number 575061725 8056490902 serial number 6741137002 batch number
8056490902/188. You have won US$9,600,000.00(NINE MILLION SIX HUNDRED
THOUSAND DOLLARS). The winning price must be claim through www.claim-
winner-x.com

Yours Sincerely,
Mrs. LISA ADDISSON
(co-ordinator).

THANKS:
MANAGEMENT, AUSTRALIA LOTTO LOTTERY INC.

a) How will you recognise it as a phishing mail?

□ By reading the mail
□ By checking the mail
□ By clicking the website link attached with this mail.
□ Verifying it by replying to the sender

b) What steps will you take regarding this kind of mail?

□ By deleting the mail.
□ Report it as spam, forwarding to Mail admin and delete it from the
mailbox instantly.
□ Reply to the sender
□ By clicking the website

c) What kind of mail is this?

□ Phishing Mail
□ Official Mail
□ Instruction Circular Mail
□ Lottery Winning Mail

d) How are you going to introduce this kind of phishing mail to your Team?

□ By clicking on the link
□ By forwarding it to the Team
□ By Awareness
□ Reply to the sender

6. You are a Cash Officer of a Branch of Islami Bank Bangladesh Limited. A Trainee
Assistant Officer (Cash) has joined recently and doesn’t have any CASM account. You
provided him your username and password of CASM. Your password was abc123. A
client of your branch has deposited Tk. 100000 in his account, whereas a wrong
entry was made in eIBS, which was Tk. 10000. The entry was made from your
account, but you didn’t do it, and you don’t remember that you provided the
password to the newly joined official.

a) Who was liable for the wrongly entered amount?

□ You
□ Newly joined Official
□ Branch Manager
□ Cash In charge

b) Strength of Your Password is-

□ Strong
□ Medium
□ Weak

c) You received an email from the Head of the Branch asking you for your
password. Since the email came from Branch Manager, it is okay to reply with
the information he requested.

□ True
□ False

d) Identify Strongest Password from Below:

□ Pass123
□ P@ss123
□ P@ss123#
□ 123pass

7. You searched on Google about how to be a smart banker from the PC under your
custody. From the search results you visited a site, and it showed, “Click to
install this app to view How to be a smart Banker”

a) You must click on the link and install app.

□ True
□ False

b) You shall browse unauthorized websites from your PC of the Bank.

□ True
□ False

c) You visited YouTube to view How to be a smart Banker. But as per the direction and
guidelines of the Honorable Managing Director & CEO, an instruction circular was
issued to restrict all kinds of social network websites, online cloud storage and
YouTube. What will you do?

□ Ask ICT Wing for access to visit YouTube
□ You should obey the instructions

d) As per the ICT Security Policy, which section mentions not to use Social
Networks, Online cloud storage and Video sites during office hours?

□ Section 4.10.2.i, Section 4.13, Terms & Conditions of Internet Access
□ Section 4.10.1, Section 4.13, Terms & Conditions of Internet Access
□ Section 4.10.2.i, Section 4.11, Terms & Conditions of Internet Access
□ Section 4.10.1, Section 4.11, Terms & Conditions of Internet Access

e) Current Version of ICT Security Policy is:

□ 5.3
□ 5.4
□ 5.2
□ 5.5

8. Recently, the Pay-scale of Islami Bank Bangladesh Limited was restructured, and you
posted it in a Facebook group as well as shared it with your friends.

a) You shall inform all your Facebook friends, Family regarding internal issues and
Daily transactions of the Bank on regular basis.

□ True
□ False

b) As per Digital Services Act, 2018, what type of punishment are you going to face
for sharing intellectual and confidential data?

□ 5 years of jail or 5 lac Taka or both
□ 10 years of jail or 5 lac Taka or both
□ 5 years of jail or 10 lac Taka or both
□ No punishment

9. As per decision of the Management of the Bank, CITO & CISO has been appointed.
They will supervise and coordinate all of the Information Technology & Information
Security related issues.

a) What is the full form of CITO?

□ Chief Information Transaction Officer
□ Chief Information Technical Officer
□ Chief Information Transfer Officer
□ Chief Information Technology Officer

b) What is the full form of CISO?

□ Chief Information Security Officer
□ Chief Information Sanction Officer
□ Chief Information Server Officer
□ Chief Information Secretary Officer

10. You should write your password in a sticky note and hang it in your workstation

□ True
□ False

11. Suppose your friend wants to buy a course from udemy.com. He doesn’t have any
International Credit Card. He asked you for your help. You own an International
Credit Card and endorsed your passport. And you are willing to help your friend.

a) You should take a picture of your card and send it to your friend and ask him to
process it.
□ True
□ False

b) You shouldn’t provide your Full name, Card Number, Expiry Date, CVV to your
friend

□ True
□ False

c) You ask your friend to meet and process it on your own

□ True
□ False

1) Which are the basic goals of Information Security?
Answer:
A) Confidentiality, Integrity, Availability.
B) Continuity, Integrity, Availability.
C) Configuration, Integration, Affiliation.
D) Confidentiality, Integration, Availability.
2) What do you understand by “Risk” according to the declaration?
Answer:
A) User Risk.
B) Business Risk.
C) Regular Risk.
D) Investment Risk.
3) What do you understand by “Threat” according to the declaration?
Answer:
A) Regular Threat.
B) Operational Threat.
C) Threat for Banking Business.
D) Threat for Investment Recovery.
4) What is the full form of “ISMS”?
Answer:
A) Information Security Monitoring System.
B) Information System Management System.
C) Information Security Management Strategy.
D) Information Security Management System.
5) What is the full form of PCIDSS?
Answer:
A) Payment Control Indication Data Security Standard.
B) Payment Card Industry Data Security Standard.
C) Payment Control Interview Data Security Standard.
D) Payment Card Industry Data Supply Standard.
6) Cyber Security related expenditure of an Organization should be treated as
…..
Answer:
A) Entertainment.
B) Expenditure.
C) Investment.
D) Others Cost.
7) Which month is observed as Cybersecurity Awareness month
internationally?
Answer:
A) July.
B) November.
C) March.
D) October.
8) “ISOC” stands for…
Answer:
A) Information Society Operation Center.
B) Information System Operation Center.
C) Information Security Observation Center.
D) Information Security Operation Center.
9) Which one is the Information Security related latest policy of IBBL?
Answer:
A) ICT Security Policy Version: 5.2
B) ICT Security Policy Version: 5.3
C) ICT Security Policy Version: 5.0
D) ICT Security Policy Version: 5.4
10) How many times do we need to submit the ICT Security Self-Assessment
Checklist yearly?
Answer:
A) Only One time.
B) Two times.
C) Three times.
D) Four times.
11) ICT Security Self-Assessment Checklist submission is mandatory for
whom?
Answer:
A) All Branches.
B) All Branches and Sub-Branches.
C) All Branches and Divisions.
D) All Branches, Zone and Divisions.
12) Which is the mandatory step before introducing any new IT product
or service?
Answer:
A) Work Distribution.
B) Signed Agreement.
C) Take Security Bond.
D) Risk Assessment.
13) Ensuring Cyber Security is the ……
Answer:
A) responsibility of Safety and Security Division.
B) responsibility of ICT Wing.
C) responsibility of CITO.
D) responsibility of all.
14) How many points (sections) are in the declaration of the Honorable
Managing Director and CEO to Ensure Cyber Security for the year 2022?
Answer:
A) 11
B) 12
C) 13
D) 14
15) Ensuring Cyber Security is an important part of ……..
Answer:
A) Business Development.
B) Risk Minimize.
C) Risk Management.
D) Management.
16) Risk Assessment of service providers of the Bank is ……..
Answer:
A) Not Necessary.
B) Optional.
C) Applicable.
D) Mandatory.
17) The alignment of Cyber Security with Business Development and
Management is….
Answer:
A) Good.
B) Better.
C) Mandatory.
D) Not Important.
18) The breach of Cyber Security can incur …
Answer:
A) Financial Loss.
B) Reputation Loss.
C) Regulatory Loss.
D) Above All.
19) Please select the date of The Declaration of Honorable Managing
Director and CEO on Cyber Security.
Answer:
A) 01/01/2021
B) 02/01/2021
C) 01/01/2022
D) 02/01/2022
20) If someone fails to comply with requirements of Cyber Security,
which policy describes the applicable punishment?
Answer:
A) ICT Security Policy.
B) ICT Security Policy & HR Policy.
C) HR Policy.
D) Above all.
