All Practice Exams

100+ Free ECF Cybersecurity (Core) Practice Questions

Pass your HKIB ECF on Cybersecurity (Core Level) Examination exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
~65% Pass Rate
100+ Questions
100% Free

Loading practice questions...

2026 Statistics

Key Facts: ECF Cybersecurity (Core) Exam

80

MCQs

HKIB Guidelines

2.5 hours

Time Limit

HKIB Guidelines

70%

Passing Score

HKIB Guidelines

HKD 1,100

Exam Fee

HKIB Fee Schedule

QF Level 4

Qualifications Framework

HKIB ECF Framework

ACsP

Designation

HKIB ECF Framework

The HKIB ECF on Cybersecurity (Core Level) exam is a 2.5-hour test featuring 80 MCQs. A passing score of 70% is required to earn the Advanced Certificate and apply for the Associate Cybersecurity Professional (ACsP) designation.

Sample ECF Cybersecurity (Core) Practice Questions

Try these sample questions to test your ECF Cybersecurity (Core) exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1Which of the following layers of the OSI model is responsible for establishing, managing, and terminating communication sessions between applications?
A.Session Layer
B.Transport Layer
C.Application Layer
D.Presentation Layer
Explanation: The Session Layer (Layer 5) of the OSI model manages the sessions between applications by establishing, maintaining, and synchronizing dialogues. It determines how devices communicate (duplex, half-duplex) and handles session checkpointing and recovery.
2A network administrator needs to divide a Class C network (192.168.1.0/24) into subnets that can accommodate at least 25 hosts per subnet while maximizing the number of subnets. What subnet mask should the administrator use?
A./27
B./26
C./28
D./25
Explanation: To accommodate at least 25 hosts, the host portion must have enough bits such that 2^h - 2 >= 25. For h = 5, 2^5 - 2 = 30 hosts, which satisfies the requirement. Since a Class C network has 32 bits, the subnet prefix is 32 - 5 = /27, providing 8 subnets of 30 usable hosts each.
3Which of the following routing protocols is classified as a Link-State routing protocol?
A.OSPF
B.RIP
C.BGP
D.EIGRP
Explanation: OSPF (Open Shortest Path First) is a link-state routing protocol that utilizes the Dijkstra algorithm to calculate the shortest path. Link-state protocols require every router to build and maintain a complete topology map of the network area.
4A bank's internal network needs to securely resolve domain names to IP addresses without relying on external public resolvers. Which protocol provides authentication of DNS data to prevent DNS spoofing?
A.DNSSEC
B.DoH
C.DoT
D.LDAP
Explanation: DNSSEC (Domain Name System Security Extensions) provides cryptographic authentication of DNS data. It signs DNS records using public-key cryptography to ensure the integrity and authenticity of DNS resolutions, preventing poisoning and spoofing.
5During a security audit, a practitioner observes a device operating at Layer 2 of the OSI model that makes forwarding decisions based on destination MAC addresses. Which device is this?
A.Switch
B.Router
C.Hub
D.Repeater
Explanation: A network switch operates at Layer 2 (Data Link Layer) of the OSI model. It maintains a MAC address table to forward frames specifically to the port associated with the destination MAC address.
6If a bank operates 12 branches and requires a separate, dedicated symmetric key pair for secure communications between every possible pair of branches, how many unique keys must be generated and distributed?
A.66
B.144
C.132
D.24
Explanation: The number of unique symmetric keys required for N entities is calculated using the formula: N * (N - 1) / 2. For N = 12 branches, the calculation is 12 * 11 / 2 = 66 unique keys.
7Which cryptographic algorithm is a symmetric block cipher that supports key lengths of 128, 192, and 256 bits, and is the current industry standard for securing sensitive financial data?
A.AES
B.RSA
C.DES
D.RC4
Explanation: AES (Advanced Encryption Standard) is a symmetric block cipher approved by NIST that operates on 128-bit blocks and supports key sizes of 128, 192, and 256 bits. It is widely adopted by financial institutions for data encryption.
8A security analyst is reviewing a digital certificate. Which of the following fields in an X.509 certificate binds a public key to the identity of the certificate owner?
A.Subject
B.Issuer
C.Serial Number
D.Validity Period
Explanation: The Subject field in an X.509 certificate identifies the entity (e.g., domain name, organization, or individual) associated with the public key contained in the certificate.
9Which of the following is a primary security objective of asymmetric cryptography that cannot be easily achieved using symmetric cryptography alone?
A.Non-repudiation
B.Confidentiality
C.Availability
D.Data Integrity
Explanation: Non-repudiation is achieved in asymmetric cryptography using digital signatures. Because only the owner has access to their private key, a signature created by that key uniquely binds the owner to the transaction, preventing them from denying it.
10What is the primary function of a Certificate Revocation List (CRL) in a Public Key Infrastructure (PKI)?
A.To publish a list of certificates that have been invalidated before their scheduled expiration date
B.To archive expired certificates for regulatory auditing purposes
C.To distribute new public keys to clients automatically
D.To store private keys in a highly secure hardware security module
Explanation: A Certificate Revocation List (CRL) is a signed list published by a Certificate Authority (CA) that enumerates certificates that have been revoked prior to their expiration date (e.g., due to key compromise or employee departure).

About the ECF Cybersecurity (Core) Exam

The ECF on Cybersecurity (Core Level) Examination is a professional assessment administered by the Hong Kong Institute of Bankers (HKIB). It is designed to verify the foundational knowledge and competencies of banking practitioners under the HKMA's Cybersecurity Fortification Initiative (CFI). Achieving this qualification enables relevant practitioners to apply for the Associate Cybersecurity Professional (ACsP) designation, validating their skills in technical cybersecurity foundations, threats and attacks, security controls and monitoring, and IT risk management, audit, and security testing.

Assessment

80 multiple-choice questions

Time Limit

2 hours 30 minutes

Passing Score

70%

Exam Fee

HKD 1,100 (Hong Kong Institute of Bankers (HKIB))

ECF Cybersecurity (Core) Exam Content Outline

30%

Technical Foundations of Cybersecurity

Foundational networking protocols, OSI & TCP/IP models, network devices, subnetting, symmetric and asymmetric cryptography, hashing, digital signatures, PKI, and SSL/TLS.

25%

Cyber Security Threats, Vulnerabilities and Attacks

Common malware (viruses, worms, trojans, ransomware, spyware), software security (buffer overflows, injection attacks, XSS, CSRF), social engineering, DOS/DDoS, and network attacks.

25%

Cyber Security Controls and Monitoring

Security controls and defense in depth, firewalls, IDS/IPS, proxies, SIEM, logging and analysis, vulnerability scanning, patch management, and incident response phases.

20%

IT Risk Management, Audit and Security Testing

Risk assessment models, quantitative risk math (SLE/ARO/ALE), penetration testing types, security auditing, and HKMA cybersecurity standards (C-RAF, CFI pillars, iCAST).

How to Pass the ECF Cybersecurity (Core) Exam

What You Need to Know

  • Passing score: 70%
  • Assessment: 80 multiple-choice questions
  • Time limit: 2 hours 30 minutes
  • Exam fee: HKD 1,100

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

ECF Cybersecurity (Core) Study Tips from Top Performers

1Familiarize yourself with the 7 domains of C-RAF 2.0 (Governance, Identification, Protection, Detection, Response & Recovery, Situational Awareness, Third-Party Risk Management) and the iCAST testing criteria.
2Understand the key difference between symmetric (fast, single key) and asymmetric (slow, public/private keys) cryptography, including standard algorithms like AES, RSA, and SHA-256.
3Practice quantitative risk assessment calculations, especially calculating Single Loss Expectancy (SLE), Annualized Rate of Occurrence (ARO), and Annualized Loss Expectancy (ALE).
4Understand network topologies, DMZ setups, network segmentation, and the differences between stateless and stateful firewalls.
5Review the stages of the incident response lifecycle (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned) and standard mitigation strategies for common malware types.

Frequently Asked Questions

What is the ECF on Cybersecurity?

The Enhanced Competency Framework (ECF) on Cybersecurity is a localized, industry-wide competency framework developed by the HKMA and HKIB. It aims to establish common standards, professional development paths, and credentials for cybersecurity practitioners in the Hong Kong banking sector.

What qualification do I receive upon passing the ECF Cybersecurity Core exam?

Candidates who successfully pass the exam receive the 'Advanced Certificate for ECF on Cybersecurity'. This meets the academic requirement to apply for the Associate Cybersecurity Professional (ACsP) designation, provided they are employed by an Authorized Institution (AI).

What is the format and duration of the examination?

The examination is a 2-hour 30-minute closed-book test consisting of 80 multiple-choice questions. It evaluates candidates' conceptual understanding and practical application of cybersecurity principles in a banking context.

What is the passing score for the exam?

The passing score is 70%. Candidates must correctly answer at least 56 out of 80 questions to pass.

What are the three pillars of the HKMA's Cybersecurity Fortification Initiative (CFI)?

The CFI consists of three pillars: (1) Cyber Resilience Assessment Framework (C-RAF) to assess risk and maturity, (2) Professional Development Programme (PDP) for training and certification, and (3) Cyber Intelligence Sharing Platform (CISP) for collaborative threat intelligence sharing.

What is the maintenance requirement for the ACsP designation?

To maintain the ACsP designation, holders must remain HKIB members and complete a minimum of 20 hours of Continuing Professional Development (CPD) each calendar year (and at least 120 CPD hours over every 3-year period), including at least 3 hours of topics related to professional ethics, compliance, or relevant law.