100+ Free ECF Cybersecurity (Core) Practice Questions
Pass your HKIB ECF on Cybersecurity (Core Level) Examination exam on the first try — instant access, no signup required.
Loading practice questions...
Explore More HKIB Enhanced Competency Framework Modules
Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.
Key Facts: ECF Cybersecurity (Core) Exam
80
MCQs
HKIB Guidelines
2.5 hours
Time Limit
HKIB Guidelines
70%
Passing Score
HKIB Guidelines
HKD 1,100
Exam Fee
HKIB Fee Schedule
QF Level 4
Qualifications Framework
HKIB ECF Framework
ACsP
Designation
HKIB ECF Framework
The HKIB ECF on Cybersecurity (Core Level) exam is a 2.5-hour test featuring 80 MCQs. A passing score of 70% is required to earn the Advanced Certificate and apply for the Associate Cybersecurity Professional (ACsP) designation.
Sample ECF Cybersecurity (Core) Practice Questions
Try these sample questions to test your ECF Cybersecurity (Core) exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.
1Which of the following layers of the OSI model is responsible for establishing, managing, and terminating communication sessions between applications?
2A network administrator needs to divide a Class C network (192.168.1.0/24) into subnets that can accommodate at least 25 hosts per subnet while maximizing the number of subnets. What subnet mask should the administrator use?
3Which of the following routing protocols is classified as a Link-State routing protocol?
4A bank's internal network needs to securely resolve domain names to IP addresses without relying on external public resolvers. Which protocol provides authentication of DNS data to prevent DNS spoofing?
5During a security audit, a practitioner observes a device operating at Layer 2 of the OSI model that makes forwarding decisions based on destination MAC addresses. Which device is this?
6If a bank operates 12 branches and requires a separate, dedicated symmetric key pair for secure communications between every possible pair of branches, how many unique keys must be generated and distributed?
7Which cryptographic algorithm is a symmetric block cipher that supports key lengths of 128, 192, and 256 bits, and is the current industry standard for securing sensitive financial data?
8A security analyst is reviewing a digital certificate. Which of the following fields in an X.509 certificate binds a public key to the identity of the certificate owner?
9Which of the following is a primary security objective of asymmetric cryptography that cannot be easily achieved using symmetric cryptography alone?
10What is the primary function of a Certificate Revocation List (CRL) in a Public Key Infrastructure (PKI)?
About the ECF Cybersecurity (Core) Exam
The ECF on Cybersecurity (Core Level) Examination is a professional assessment administered by the Hong Kong Institute of Bankers (HKIB). It is designed to verify the foundational knowledge and competencies of banking practitioners under the HKMA's Cybersecurity Fortification Initiative (CFI). Achieving this qualification enables relevant practitioners to apply for the Associate Cybersecurity Professional (ACsP) designation, validating their skills in technical cybersecurity foundations, threats and attacks, security controls and monitoring, and IT risk management, audit, and security testing.
Assessment
80 multiple-choice questions
Time Limit
2 hours 30 minutes
Passing Score
70%
Exam Fee
HKD 1,100 (Hong Kong Institute of Bankers (HKIB))
ECF Cybersecurity (Core) Exam Content Outline
Technical Foundations of Cybersecurity
Foundational networking protocols, OSI & TCP/IP models, network devices, subnetting, symmetric and asymmetric cryptography, hashing, digital signatures, PKI, and SSL/TLS.
Cyber Security Threats, Vulnerabilities and Attacks
Common malware (viruses, worms, trojans, ransomware, spyware), software security (buffer overflows, injection attacks, XSS, CSRF), social engineering, DOS/DDoS, and network attacks.
Cyber Security Controls and Monitoring
Security controls and defense in depth, firewalls, IDS/IPS, proxies, SIEM, logging and analysis, vulnerability scanning, patch management, and incident response phases.
IT Risk Management, Audit and Security Testing
Risk assessment models, quantitative risk math (SLE/ARO/ALE), penetration testing types, security auditing, and HKMA cybersecurity standards (C-RAF, CFI pillars, iCAST).
How to Pass the ECF Cybersecurity (Core) Exam
What You Need to Know
- Passing score: 70%
- Assessment: 80 multiple-choice questions
- Time limit: 2 hours 30 minutes
- Exam fee: HKD 1,100
Keys to Passing
- Complete 500+ practice questions
- Score 80%+ consistently before scheduling
- Focus on highest-weighted sections
- Use our AI tutor for tough concepts
ECF Cybersecurity (Core) Study Tips from Top Performers
Frequently Asked Questions
What is the ECF on Cybersecurity?
The Enhanced Competency Framework (ECF) on Cybersecurity is a localized, industry-wide competency framework developed by the HKMA and HKIB. It aims to establish common standards, professional development paths, and credentials for cybersecurity practitioners in the Hong Kong banking sector.
What qualification do I receive upon passing the ECF Cybersecurity Core exam?
Candidates who successfully pass the exam receive the 'Advanced Certificate for ECF on Cybersecurity'. This meets the academic requirement to apply for the Associate Cybersecurity Professional (ACsP) designation, provided they are employed by an Authorized Institution (AI).
What is the format and duration of the examination?
The examination is a 2-hour 30-minute closed-book test consisting of 80 multiple-choice questions. It evaluates candidates' conceptual understanding and practical application of cybersecurity principles in a banking context.
What is the passing score for the exam?
The passing score is 70%. Candidates must correctly answer at least 56 out of 80 questions to pass.
What are the three pillars of the HKMA's Cybersecurity Fortification Initiative (CFI)?
The CFI consists of three pillars: (1) Cyber Resilience Assessment Framework (C-RAF) to assess risk and maturity, (2) Professional Development Programme (PDP) for training and certification, and (3) Cyber Intelligence Sharing Platform (CISP) for collaborative threat intelligence sharing.
What is the maintenance requirement for the ACsP designation?
To maintain the ACsP designation, holders must remain HKIB members and complete a minimum of 20 hours of Continuing Professional Development (CPD) each calendar year (and at least 120 CPD hours over every 3-year period), including at least 3 hours of topics related to professional ethics, compliance, or relevant law.