
PDF 04


The most devastating loss to the bank is:

Loss of hardware

Loss of data

Loss of software

Loss of printouts

Your security settings are not allowing you to download an important e-mail attachment sent by your customer. What should you do?
Disable the security settings temporarily and download the attachment

Explain the issue to the customer and request them to reshare the attachment in a different format

Inform IT helpdesk about the issue and ask them to help with the same

Ignore the mail, it could be a phishing scam!

An employee does the following activities using the internet at work. Which of these activities are allowed?
Download or upload obscene, offensive or illegal material

Only job-related activities such as research and educational tasks

Send confidential information to unauthorized recipients

Playing of any games

Your colleague has sent confidential information to unauthorized recipients. What does this indicate?
Proper usage

Breach of policy

Invalid action

All of the above

Which Digital Rights Management solution do we use at ICICI?


Locklizard

Seclore

Primetime

SAP

Information Security is the process of


Protecting Information

Sharing Information

Destroying Information

Transferring Information

What type of phishing attack happens through SMS?


Denial of Service attack

Brute Force

Smishing

Vishing

What does malware stand for?


Antivirus Solution

Malicious Software

Email attachment

Virus

Your official IT asset's battery life has reduced drastically over the last few days. What should you do?
Find solution on internet and solve the problem immediately

Contact the helpdesk and ask for assistance

Change the system settings on your own to tweak battery performance

Ask your tech-wiz friend to help sort the problem

Raj is an employee of the bank and he is loyal and honest towards his work. One day he comes to know that one of his colleagues, who is also his friend, is involved in a suspicious activity, which can lead to a data breach. No one knows about this except Raj. What should he do now?
He should ignore because no one knows about this.

He should warn his colleague that he is involved in illegitimate activity and he will inform his manager regarding this.

He must go to his reporting authority and inform him/her about his findings.

He should inform Information Security Group about this.

Which of the following are characteristics of Internal Data?


User authorization is based on a ‘need to know’ basis for business operations

Not accessible for unauthorized external entities

Information deemed for usage within ICICI

Availability limited to specific functions, groups or roles


Jennifer receives an email claiming that her bank account information has been lost and that she needs to click a link to
update the bank’s database. However, she doesn’t recognize the bank, because it is not one she does business with. What
type of attack is she being targeted with?
Piggybacking/Tailgating

Phishing

Vishing

Bank attack

Which action from the list below can help restrict a malware attack?
Immediately clicking on links with urgent actions like - 'Urgent! Your security has been breached'

Ensuring the firewall and antivirus are always turned on and up to date

Disconnecting the device from the network

Downloading attachments without scanning for virus to avoid delays

If required, sensitive documents should be disposed of using secure means of disposal such as a shredder.
True

False

Which of the following are the characteristics of a strong password?


It is at least 8 characters long

It contains your username, real name or company name

It is significantly different from previous password

It contains a complete dictionary word

Which of the following is a part of clear desk & clear screen policy?
Do not post or leave confidential or sensitive information on your desk or screen

Always store confidential documents, sensitive or personal information in locked cabinets

Do not dispose of confidential documents in the dustbins

All of the above

Data Classification is:


Act of classification of information based on sensitivity

Process of onboarding a new client

Act of organizing daily events

A guide to perform tasks


Which of the following is true about phishing attacks?
It is a social engineering attack

It involves sending fake emails or communication to scam readers into clicking on fraudulent links and attachments

It can be generic or targeted

All of the above

You are sitting in a café with your friend after work when your boss calls up, asking you to share some confidential data
urgently. How do you respond?
Connect to the café's open Wi-Fi immediately and share the file

Request access to your friend's device to send the information

Share your e-mail ID and password with your boss and ask them to retrieve the file from your mail

Ensure that you are in a private place and that you are not connected to a public network before sending the information

What should you do if you suspect you have received a phishing email?
Forward the email to reportphishing@icicibank.com

Select "Reply All" when forwarding the email

Ignore it and continue with your work

Click on the links in the email to verify

It is appropriate to upload sensitive information on file sharing sites or social networks


True

False

You receive a suspicious email requesting urgent action. What should you do?
Do not trust unexpected emails

Keep a careful eye on the domain name

Trust the email and perform the requested action

Download the attachments

Clear desk & clear screen policy enables users to:


Protect confidential information

Increase work efficiency

Achieve targets

All of the above


Individuals who need and use ICICI data as part of their assigned duties or in fulfilment of assigned roles or functions within
ICICI are called
Data Owners

Data Custodians

Data Users

Data Sharers

Which of these is a preventive measure against a ransomware attack?


Making frequent backups

Avoid clicking on links or downloading suspicious attachments

Avoid clicking on pop ups

All of the above

DLP software detects potential data breaches and prevents them by monitoring, detecting and blocking sensitive data while in use, in motion, and at rest. Is this statement true or false?
True

False

What is public data?


Information explicitly approved by management for release to public

Not accessible for unauthorized external entities

Information deemed for usage within ICICI

Availability limited to specific functions, groups or roles

An electrician comes to your desk and asks you to step aside for a minute as he needs to check whether all the sockets on
your workstation are functional. What do you do?
Lock the device, files and cabinets, step aside but keep a watch on what he is doing

Step away immediately and go for a coffee break while the electrician is at work

A large file is getting downloaded, so keep the screen on while you step away

All of the above

Select all correct options. Human Firewalls are:


Security-aware individuals

Individuals who understand that Information Security is of vital importance

Individuals who don't care about security

Individuals who are not aware about security


In phishing, attackers target using ________ to do social engineering
Email

Operating System

Wi-Fi Network

Surveillance camera

A former colleague approaches you at work and requests access to your device for a few minutes to fill a form that is
required by the HR department. How do you respond?
Allow the colleague to use your device while you grab your coffee

Warn the colleague to not download any attachments from unknown sources and let them use your device

Explain that this would be against the security policy and politely decline

Ask your manager for permission and if the manager allows it, let the colleague use your device

You receive a phone call from an unknown person asking for PII of a customer. What kind of attack could this be?
USB attack

Vishing attack

Phishing attack

Man-in-the-middle attack

What type of attack happens when an attacker simply walks in behind a person who has legitimate access?
Phishing

Ransomware

Brute Force

Tailgating

In what way can malware use your device to perform a breach of security? Select the correct options.
Log your keystrokes. Example: confidential information, passwords

Access or erase your files

Control your computer to spy on you. Example: Webcam, microphone

All of the above

Inappropriate email forwards are against the security policy


True

False

Select the unauthorized data transmission from the below statements:
Sending sensitive information to personal email IDs (even with good intention)

Sending sensitive information from official account to another official account for business requirement

Sending sensitive information to any external party who does not have a legitimate business need to receive such information

Sending documents to personal email IDs of employees of service providers or partner agencies instead of their official IDs

Your friend is visiting you at work and wants to check his e-mail urgently. How do you respond?
Allow him to access his account from your company device

Allow him to plug in his device to the bank's network to access the internet

Let him use your colleague's device while your colleague is on a lunch break

Explain to your friend that you cannot give him access to company network as it is against the security policy

Information security is ______ responsibility. Select the most appropriate option.


IT Cell's

Customer Support's

Everyone's

All of the Above

___________ is a special form of attack in which hackers exploit human psychology.
Cross Site Scripting

Social Engineering

Mechanical Engineering

Denial of Service attack

You receive an email from HR@hroficici.com asking you to send your full name, login username, password, and date of
birth for employee appraisal. What would you do?
Reply with the details immediately

Forward the email to your manager to check authenticity


Delete the email as it could be a phishing email

Forward the email to reportphishing@icicibank.com

Which of the following is a type of malware? Click correct options.


Internal Data

Ransomware

Trojan

Encrypted Files

Which of the following is PII?


Full Name

Birthdate

Account number

All of the Above

What are the characteristics of Confidential data?


Information that is considered private by an individual

Availability limited to specific functions, groups or roles

User authorization based on a ‘need to know’ basis for business operations

Information deemed for usage within ICICI

Which of the following is incorrect?


Our privacy can be threatened when we share too much information online

PII stands for personally identifiable information

The internet has made it hard to collect PII

PII is any information that can be used to identify a single person

What are the important components of Triad of information security?


Integrity

Availability

Confidentiality

Vulnerability

Unauthorized use of another person's email is a violation of the policy
True

False

DLP helps to:


Protect bank's sensitive and confidential data from being shared outside bank’s internal network.

Destroy equipment securely

Allow visitors access to the building

Access unauthorized content

What should employees do upon resignation?


Keep the assigned devices for themselves

Dispose of the assigned devices


Surrender all their official devices to their manager or local IT personnel (as per the policy) to receive the required clearance

All of the above

Which of the following is true with regard to IT assets as per the policy?
It is your responsibility to ensure that all the assets are correctly mapped against your name

If an asset is mapped to an outsourced employee in your team, then you will be mapped as the primary owner of the asset

As a primary owner you need to ensure tracking of these assets and adherence to security controls

All of the above

Which of the following is NOT a social engineering attack?


Phishing

Vishing

Smishing

Denial of Service attack

A confidential file needs to be forwarded to the finance department. Who should be kept in the loop?
Your manager, your department head and the common e-mail ID shared by the finance team

Your entire team, so that everybody is on the same page on the file shared

People who fall under the 'need to know' principle

Your manager only; he will forward it to the concerned person as per his discretion

Unauthorized relocation of equipment inside the premises is a violation of the security policy
True

False

You want to leave your workstation. What should you do before you leave?
Leave the documents on the table as office premises are guarded and apply Privilege Leave

Lock cabinets containing documents with sensitive information

Discard confidential documents in the dustbin under the desk

Post difficult passwords on desk to avoid getting locked out of system

Which of the following are genuine ICICI bank domains?


https://loan.icicibank.com

https://icicibank.com

https://icici.bank.com

https://icicibank.loan.com

Which of the following are part of visitor management guidelines?


Visitor entry is restricted in server rooms and data centres

Public tours of computer facilities are prohibited

Visitors are required to sign-in at the reception and wear a visitor’s badge

All of the above

All users are required to read the _____


i. ISSP

ii. Group Code of Business Conduct and Ethics

Both i and ii

None of the above

You receive the following communication on email: Please clear payment of this critical and sensitive invoice. I will be on
vacation and unavailable - CEO. What do you do?
Pay immediately to avoid vendor dissatisfaction

Forward the email to finance department and ask them to take it up on priority

Ignore it and continue with your work

Report the suspicious email to reportphishing@icicibank.com


What is the main purpose of DLP in the bank?
End users do not send critical information outside the corporate network.

Restrict users from sending data to different departments of the bank.

Restrict users from transferring data from one branch location to another branch location of the bank.

All of the above

Breach of the Bank's Information security policy could result in


i. Strict punitive actions

ii. Disciplinary measures

Both i and ii

None of the Above

What type of attack can happen when an attacker leaves a USB stick lying around for an employee to plug in?
Phishing

Tailgating

Brute Force

USB attack

Which of the following should be done for Data Leakage Prevention?


Only use personal data for the purpose for which it is required

Ensure minimum sharing of sensitive or critical data and to authorized party only

If you come across any incident or data breach, report it to ISG immediately

None of the above

You see the message "Your computer is infected with a virus. Please click on the link below to remove it". What should you do?
Click on the link

Ignore it and continue with your work

Figure out how to remove the "virus" and attempt to do it

Contact the Helpdesk/ISG Team
