Chapter 48: Security Considerations and Mitigation Measures in Banks (JAIIB – Paper 2)

1. Which of the following is considered a major risk concern area in banking technology?

  • A. Manual ledger reconciliation
  • B. Staff attrition
  • C. Branch expansion
  • D. Cybersecurity threats
Cybersecurity threats are a major risk concern in banking technology because digital banking channels are highly exposed to frauds, hacking, phishing, and malware attacks.

2. Phishing attacks on customers mainly target which type of banking service?

  • A. Internet and mobile banking
  • B. Locker facility
  • C. Cash deposit machines
  • D. Cheque clearing system
Phishing attacks commonly occur in online banking and mobile banking where fraudsters send fake links or messages to capture customer credentials.

3. Which of the following is an example of a Denial of Service (DoS) attack on banks?

  • A. Unauthorized access to ATM PINs
  • B. Planting keyloggers on devices
  • C. Flooding the bank server with traffic to make services unavailable
  • D. Stealing debit card details through skimming
In a DoS attack, hackers overwhelm bank servers with excessive traffic, disrupting genuine customer access to online banking.

4. Insider threat in banking security refers to:

  • A. Hacking of systems from abroad
  • B. Fraud or misuse of data by bank employees or contractors
  • C. Malware attacks from external sources
  • D. Natural disasters affecting IT systems
Insider threats occur when bank staff misuse system access or data, either intentionally or negligently, posing a major operational risk.

5. Which of the following threats involves fraudsters capturing card details by placing unauthorized devices on ATMs or POS machines?

  • A. Phishing
  • B. Spoofing
  • C. Malware injection
  • D. Skimming
Skimming involves the use of hidden devices on ATMs/POS terminals to steal debit or credit card details and clone cards for fraudulent transactions.

6. Which of the following is a primary objective of internal control mechanisms in banks?

  • A. To reduce employee workload
  • B. To increase profitability directly
  • C. To ensure accuracy, reliability, and security of financial operations
  • D. To improve customer service speed
Internal control mechanisms are designed to ensure accuracy, safeguard assets, prevent fraud, and maintain reliability in financial and operational processes.

7. Segregation of duties in banking systems is an example of which type of control measure?

  • A. Preventive control
  • B. Detective control
  • C. Corrective control
  • D. Compensatory control
Segregation of duties is a preventive control that reduces the chance of fraud by ensuring that no single person handles an entire transaction process end-to-end.

8. Computer Audit in banks primarily focuses on:

  • A. Reviewing customer grievances
  • B. Ensuring regulatory compliance of loan disbursal
  • C. Verifying physical cash balance
  • D. Evaluating IT systems, controls, and data security
Computer Audit ensures that IT systems in banks are secure, controls are effective, and data integrity and confidentiality are maintained.

9. Which of the following is a detective control in banking technology?

  • A. Biometric login authentication
  • B. Exception reports generated by Core Banking System
  • C. Encryption of customer data
  • D. Firewalls in bank networks
Exception reports are detective controls that help auditors and management identify unusual or suspicious transactions after they occur.

10. In a Computer Audit, “Access Control Review” mainly verifies:

  • A. Whether only authorized users have system access
  • B. The interest rates charged to customers
  • C. Physical cash verification in branches
  • D. Loan approval authority of branch manager
Access control review ensures that banking applications are accessible only to authorized personnel, reducing insider fraud and external threats.

11. The primary objective of an Information System (IS) Audit in banks is to:

  • A. Check compliance of loan documentation
  • B. Ensure staff are following HR policies
  • C. Evaluate the effectiveness of IT controls, data security, and system reliability
  • D. Verify cash balance and vault security
IS Audit focuses on IT systems, controls, and security, ensuring the integrity, confidentiality, and availability of information used in banking operations.

12. Which of the following is NOT a component of IS Audit?

  • A. Access control audit
  • B. Customer grievance redressal audit
  • C. Data integrity audit
  • D. Disaster recovery audit
IS Audit covers IT systems, security, access, data integrity, and recovery controls. Customer grievance handling is part of operational audit, not IS audit.

13. Which principle of IS Security ensures that only authorized users can access data?

  • A. Availability
  • B. Integrity
  • C. Auditability
  • D. Confidentiality
Confidentiality in IS Security ensures that sensitive banking information is accessible only to authorized individuals.

14. A bank’s disaster recovery site helps ensure which principle of Information System Security?

  • A. Availability
  • B. Confidentiality
  • C. Integrity
  • D. Authenticity
Disaster recovery ensures that banking systems remain available even in case of system crashes, natural disasters, or cyberattacks.

15. Digital signatures in banking transactions mainly ensure:

  • A. Data availability
  • B. Data integrity and authenticity
  • C. Confidentiality of passwords
  • D. System redundancy
Digital signatures validate the authenticity of the sender and ensure that the transaction data has not been tampered with, thus ensuring integrity.

16. Fraudsters send fake emails appearing to be from banks and ask customers to share login credentials. This type of fraud is known as:

  • A. Spoofing
  • B. Vishing
  • C. Skimming
  • D. Phishing
Phishing is a fraud method where fake emails or links are used to trick customers into revealing sensitive information such as passwords and OTPs.

17. SIM swap fraud is mainly carried out to:

  • A. Block customer debit cards
  • B. Gain access to OTPs sent by banks for authentication
  • C. Send fake promotional offers to customers
  • D. Create duplicate Aadhaar numbers
In SIM swap fraud, fraudsters obtain a duplicate SIM linked to the victim’s mobile number to intercept OTPs and conduct unauthorized transactions.

18. Cyber security awareness among bank staff and customers is important mainly to:

  • A. Prevent social engineering attacks like phishing and vishing
  • B. Reduce cost of banking operations
  • C. Increase the number of digital accounts
  • D. Improve physical branch security
Most online frauds succeed due to lack of awareness. Educating staff and customers about cyber hygiene prevents frauds like phishing, malware, and SIM swap.

19. Which of the following is a key requirement in evaluating IT resources of a bank?

  • A. Checking branch profitability
  • B. Measuring staff efficiency
  • C. Assessing system capacity, performance, and scalability
  • D. Monitoring customer complaint resolution
IT resource evaluation focuses on assessing whether hardware, software, and networks can handle current workloads and scale for future banking needs.

20. In IT resource evaluation, Business Continuity Planning (BCP) is mainly concerned with:

  • A. Enhancing staff productivity
  • B. Expanding bank branch network
  • C. Reducing loan defaults
  • D. Ensuring uninterrupted banking services during system failures
BCP ensures continuity of essential banking services in case of IT breakdowns, disasters, or cyberattacks, reducing downtime and financial loss.

21. The primary objective of Disaster Recovery Management (DRM) in banks is to:

  • A. Reduce cost of IT operations
  • B. Restore critical banking services quickly after a system failure
  • C. Increase customer acquisition
  • D. Eliminate insider fraud completely
Disaster Recovery Management ensures that essential banking services can be restored quickly after disruptions like cyberattacks, hardware failures, or natural disasters.

22. Which of the following is a key component of a bank’s Disaster Recovery Plan (DRP)?

  • A. Loan restructuring guidelines
  • B. Staff rotation policy
  • C. Backup of critical data and alternate IT infrastructure
  • D. Annual customer awareness surveys
DRPs include backup systems, data replication, and alternate IT facilities to ensure minimal downtime and business continuity.

23. Under the Information Technology Act, 2000, which of the following holds legal recognition in India?

  • A. Verbal agreements
  • B. Paper receipts only
  • C. Handwritten signatures only
  • D. Electronic records and digital signatures
The IT Act, 2000 provides legal recognition to electronic records and digital signatures, enabling secure electronic transactions in India.

24. Which section of the IT Act, 2000 deals with legal recognition of electronic records?

  • A. Section 4
  • B. Section 10A
  • C. Section 43
  • D. Section 66C
Section 4 of the IT Act, 2000 provides legal recognition to electronic records, treating them equivalent to paper-based records.

25. As per the IT Act, which authority certifies digital signatures in India?

  • A. RBI
  • B. NPCI
  • C. Controller of Certifying Authorities (CCA)
  • D. SEBI
The Controller of Certifying Authorities (CCA), under the IT Act, is the statutory body responsible for regulating digital signature certificates in India.

26. The G. Gopalakrishna Committee (2011) was constituted by RBI to give recommendations on:

  • A. Priority Sector Lending norms
  • B. Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds
  • C. Capital Adequacy Framework
  • D. Asset Classification Norms
RBI constituted the G. Gopalakrishna Committee to strengthen information security, technology risk management, and fraud prevention in banks.

27. As per the Gopalakrishna Committee recommendations, banks must conduct:

  • A. Annual customer satisfaction surveys
  • B. Loan portfolio reviews every month
  • C. Regular IS Audit and Vulnerability Assessment & Penetration Testing (VAPT)
  • D. Training on marketing strategies
The committee emphasized mandatory IS Audit and periodic VAPT to detect and plug security gaps in banking systems.

28. The RBI issued a Cyber Security Framework for Banks in which year?

  • A. 2005
  • B. 2009
  • C. 2012
  • D. 2016
RBI released the Cyber Security Framework in 2016, making it mandatory for banks to have board-approved cyber security policies and real-time monitoring systems.

29. According to the Cyber Security Framework, banks must report unusual cyber incidents to:

  • A. RBI immediately
  • B. Ministry of Finance
  • C. SEBI
  • D. Indian Banks’ Association (IBA)
Banks must report all unusual cyber incidents and major breaches to RBI immediately for regulatory monitoring and further guidance.

30. Which of the following is NOT a requirement under RBI’s Cyber Security Framework for Banks?

  • A. Board-approved cyber security policy
  • B. Mandatory customer referral program
  • C. Continuous surveillance of IT systems
  • D. Cyber Crisis Management Plan (CCMP)
RBI’s Cyber Security Framework emphasizes cyber crisis management, real-time monitoring, and board-level oversight — not marketing activities like referral programs.

31. The Integrated Ombudsman Scheme (IOS), 2021 launched by RBI is based on the principle of:

  • A. One Bank, One Ombudsman
  • B. One Complaint, One Resolution
  • C. One Nation, One Ombudsman
  • D. One Customer, One Grievance Cell
The IOS 2021 is based on the principle of “One Nation, One Ombudsman,” integrating earlier ombudsman schemes into a single framework.

32. The Integrated Ombudsman Scheme, 2021 came into effect from:

  • A. November 12, 2021
  • B. January 1, 2022
  • C. March 31, 2021
  • D. August 15, 2021
RBI launched the IOS on November 12, 2021, by merging the Banking Ombudsman, NBFC Ombudsman, and Digital Ombudsman schemes.

33. Under IOS 2021, complaints can be filed through:

  • A. Only physical letters to RBI
  • B. Only through banks’ grievance cells
  • C. Only through consumer forums
  • D. Centralized Complaint Management System (CCMS) portal, email, or post
IOS 2021 allows customers to file complaints through the CCMS portal, email, or physical post for better accessibility.

34. Which of the following schemes were merged into the Integrated Ombudsman Scheme, 2021?

  • A. Banking Ombudsman Scheme only
  • B. Banking Ombudsman Scheme, Ombudsman Scheme for NBFCs, and Ombudsman Scheme for Digital Transactions
  • C. Banking Ombudsman and Insurance Ombudsman
  • D. Consumer Ombudsman and Banking Ombudsman
The Integrated Ombudsman Scheme unified the three earlier ombudsman schemes into one common platform for grievance redressal.

35. Who is the Appellate Authority under the Integrated Ombudsman Scheme, 2021?

  • A. The Executive Director-in-Charge of the Consumer Education and Protection Department, RBI
  • B. Ministry of Finance
  • C. Indian Banks’ Association
  • D. SEBI
The Executive Director of RBI’s CEPD (Consumer Education and Protection Department) acts as the Appellate Authority for IOS.
