All Practice Exams

100+ Free IIBF Cyber Crimes & Fraud Practice Questions

Pass your IIBF Certificate in Prevention of Cyber Crimes and Fraud Management exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
not-published Pass Rate
100+ Questions
100% Free

Loading practice questions...

2026 Statistics

Key Facts: IIBF Cyber Crimes & Fraud Exam

120 MCQs

Total questions in the official exam

IIBF official syllabus rules

60 / 100

Minimum passing score

IIBF Rules & Syllabus

2 hours

Duration of the exam

IIBF official rules

Remote-Proctored

Examination delivery mode

IIBF registration portal

IIBF Prevention of Cyber Crimes and Fraud Management: 120 questions in 2 hours, pass score of 60, no negative marking. Cost is ₹1,100 (members) / ₹1,600 (non-members) + GST. Open to 12th pass students and bankers.

Sample IIBF Cyber Crimes & Fraud Practice Questions

Try these sample questions to test your IIBF Cyber Crimes & Fraud exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1What is the primary objective of social engineering attacks in banking?
A.To exploit software vulnerabilities in database systems
B.To manipulate individuals into performing actions or divulging confidential information
C.To compromise network routers by cracking physical encryption
D.To intercept magnetic stripe details using card readers
Explanation: Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. In banking, it typically involves tricking employees or customers into sharing passwords, OTPs, or credentials rather than attacking the technical infrastructure directly.
2A customer receives a phone call from an individual claiming to be a bank officer, requesting urgent verification of their NetBanking PIN. What type of social engineering attack is this?
A.Smishing
B.Phishing
C.Vishing
D.Baiting
Explanation: Vishing, or voice phishing, refers to phone calls made to target individuals to obtain sensitive information like banking credentials or OTPs. Vishing uses spoofed phone numbers, voice messages, or interactive voice response (IVR) systems to impersonate legitimate organizations.
3Registering domain names that look very similar to popular banking websites in order to profit from typos or confuse customers is known as what?
A.Cyber squatting
B.Cyber extortion
C.SQL injection
D.Phishing
Explanation: Cybersquatting is the bad faith registration of domain names that contain trademarked names or are deceptively similar, intending to exploit them for resale, traffic redirection, or phishing scams. Typosquatting is a specific form of cybersquatting targeting mistyped domains.
4In the context of computer vulnerabilities, what does the term 'Zero-Day vulnerability' refer to?
A.A flaw that takes zero days to patch once discovered
B.A security vulnerability that is actively exploited before the software vendor has released a patch
C.A vulnerability that exists only in legacy software systems with zero active users
D.A security issue that requires zero technical skills to exploit
Explanation: A Zero-Day vulnerability is an unpatched software flaw that is unknown to the vendor or has just been discovered, leaving zero days for defense until a patch is developed. Security teams face high risk during this window because signature-based defenses are often ineffective.
5Which of the following best describes the ethical profile of a 'Grey Hat' hacker?
A.Hackers who operate entirely within the law to discover vulnerabilities with explicit permission
B.Hackers who break into systems with malicious intent for personal financial gain
C.Hackers who may violate laws or ethical standards but without malicious intent, often disclosing flaws to owners
D.Hackers who target governmental systems exclusively for geopolitical or ideological reasons
Explanation: Grey Hat hackers occupy the middle ground between White Hats (ethical/authorized) and Black Hats (malicious/unauthorized). They may access systems without permission (violating laws) to find vulnerabilities, but they typically disclose them to the vendor rather than exploiting them for damage or theft.
6An email targeted specifically at the Chief Financial Officer (CFO) of a bank, disguised as a regulatory notice from the Reserve Bank of India, is an example of which attack?
A.Whaling
B.Baiting
C.Pharming
D.Tailgating
Explanation: Whaling is a highly targeted phishing attack (spear phishing) aimed at high-profile executives like CEOs, CFOs, or board members who hold significant authorization privileges. The messages are highly customized and often mimic legal or regulatory communication to ensure compliance.
7A bank's internal servers are infected with malware that encrypts database records and demands payment in cryptocurrency for the decryption key. What category of cyber threat is this?
A.Spyware
B.Ransomware
C.Adware
D.Trojan Horse
Explanation: Ransomware is a type of malware designed to block access to a computer system or data, typically by encrypting files, until a sum of money (ransom) is paid. Payments are usually demanded in cryptocurrencies to preserve the attacker's anonymity.
8Which of the following describes a Distributed Denial of Service (DDoS) attack?
A.Decrypting client-server traffic by intercepting Wi-Fi router frames
B.Flooding a banking website with massive volumes of traffic from multiple compromised sources to render it unavailable
C.Injecting malicious code into online forms to extract database contents
D.Sending deceptive text messages to customers asking for credit card numbers
Explanation: A DDoS attack attempts to disrupt normal traffic to a targeted server, service, or network by overwhelming it with a flood of Internet traffic. It achieves this by using multiple compromised computer systems (a botnet) as sources of attack traffic.
9Which security vulnerability is exploited when an application writes more data to a memory buffer than the buffer is allocated to hold, thereby overwriting adjacent memory?
A.Buffer Overflow
B.Cross-Site Request Forgery (CSRF)
C.Directory Traversal
D.Broken Authentication
Explanation: A Buffer Overflow occurs when a program overruns the boundary of a buffer, overwriting adjacent memory locations. Attackers exploit this vulnerability to crash applications or inject malicious code that executes with the privileges of the running program.
10How does a baiting attack differ from a quid pro quo attack in social engineering?
A.Baiting relies on email links, whereas quid pro quo relies entirely on phone calls
B.Baiting promises a reward or goods, whereas quid pro quo offers a service or assistance in exchange for credentials
C.Baiting only targets system administrators, whereas quid pro quo targets general retail clients
D.Baiting is completely legal under the IT Act, whereas quid pro quo is a cognizable offense
Explanation: Baiting uses the temptation of a physical or digital item (e.g., a free gift card or a malware-loaded USB drive left in a parking lot) to compromise users. Quid pro quo (something for something) involves offering a service, such as technical support assistance, in exchange for user cooperation or passwords.

About the IIBF Cyber Crimes & Fraud Exam

The IIBF Certificate in Prevention of Cyber Crimes and Fraud Management provides banking professionals with critical knowledge of global cyber threats and vulnerabilities. It covers specific fraud controls, card transaction vulnerabilities, cyber forensics, and regulatory frameworks including the IT Act, 2000. It is one of three certificate examinations required for the Certified Information Technology Audit Professional (CITAP) qualification, which replaced the DISA designation from August 2025.

Assessment

The official exam is a single online remote-proctored paper consisting of 120 objective MCQs. The maximum marks are 100 and there is no negative marking.

Time Limit

2 hours

Passing Score

60 out of 100

Exam Fee

₹1,100 for Members / ₹1,600 for Non-members (+ GST) (Indian Institute of Banking & Finance (IIBF))

IIBF Cyber Crimes & Fraud Exam Content Outline

25%

Module A: Cyber Crimes Overview

Introduction to cyber crimes, electronic channels, stalking, cyber extortion, hacking, phishing, social engineering, and system vulnerabilities.

25%

Module B: Fraud Management

Computer fraud protection systems, types of controls (prevention, detection, mitigation), data encryption methods, and cyber forensics.

25%

Module C: Electronic Transactions

Online payment models, emerging transaction channels (UPI, IMPS), security protocols, and payment card fraud techniques (skimming, cloning, carding).

25%

Module D: Cyber Laws and Regulatory Compliance

Information Technology Act 2000, key amendments, legal frameworks for electronic signatures, taxation issues, and RBI cyber security guidelines.

How to Pass the IIBF Cyber Crimes & Fraud Exam

What You Need to Know

  • Passing score: 60 out of 100
  • Assessment: The official exam is a single online remote-proctored paper consisting of 120 objective MCQs. The maximum marks are 100 and there is no negative marking.
  • Time limit: 2 hours
  • Exam fee: ₹1,100 for Members / ₹1,600 for Non-members (+ GST)

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

IIBF Cyber Crimes & Fraud Study Tips from Top Performers

1Familiarize yourself with specific sections of the IT Act, 2000, especially Section 43, 66, and its subsections, which are heavily tested.
2Understand the functional differences between prevention, detection, and mitigation controls in banking systems.
3Pay attention to the mechanism of card-based frauds such as skimming, shimming, and phishing/vishing scams.
4Study RBI's master directions on cybersecurity and guidelines for reporting cyber fraud incidents to CERT-In and RBI.

Frequently Asked Questions

What is the passing score for the IIBF Cyber Crimes exam?

A candidate must score a minimum of 60 out of 100 marks to successfully clear the exam.

Is this exam part of any larger qualification?

Yes. This examination is one of three certificate exams required for the Certified Information Technology Audit Professional (CITAP) qualification, which replaced the DISA designation from August 2025.

Are there negative marks in the official exam?

No. There is no negative marking for incorrect answers in IIBF certificate exams.

Who is eligible to take this exam?

Any candidate who has passed the 12th standard or equivalent can register, including graduates and banking personnel.