All Practice Exams

100+ Free IIBF IT Security Practice Questions

Pass your IIBF Certificate Examination in IT Security (India) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
not-published Pass Rate
100+ Questions
100% Free

Loading practice questions...

2026 Statistics

Key Facts: IIBF IT Security Exam

120 MCQs

Number of questions in the official exam

IIBF Rules & Syllabus

50/100

Minimum passing score

IIBF Rules & Syllabus

2 Hours

Exam duration

IIBF Rules & Syllabus

₹1,100 / ₹1,600

Fees for members/non-members (plus GST)

IIBF Rules & Syllabus

IIBF IT Security certificate: 120 MCQs (100 marks), 2 hours, pass at 50%, no negative marking. Cost ₹1,100 (members) / ₹1,600 (non-members) + GST. Eligibility: 12th pass.

Sample IIBF IT Security Practice Questions

Try these sample questions to test your IIBF IT Security exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1Which of the following describes the 'Confidentiality' component of the classic CIA triad in banking operations?
A.Ensuring that system resources and banking services are accessible to authorized users when needed
B.Ensuring that financial data and transaction records are not altered or tampered with by unauthorized parties
C.Ensuring that sensitive customer data, such as PINs and account numbers, is kept private and not disclosed to unauthorized individuals
D.Ensuring that transaction authors cannot deny having initiated a specific fund transfer
Explanation: Confidentiality ensures that information is not disclosed to unauthorized individuals, entities, or processes, which in banking includes protecting account passwords, PINs, and personal customer information from leaks.
2In the context of database transaction security, which of the following is the primary objective of 'Integrity'?
A.Preventing unauthorized users from viewing the contents of the database
B.Ensuring the database remains operational and online 24/7 without service interruption
C.Preventing unauthorized or accidental alteration, deletion, or manipulation of database records
D.Encrypting database backups to prevent leakage during transmission
Explanation: Integrity focuses on safeguarding the accuracy and completeness of data. In database security, it ensures that unauthorized changes (whether malicious or accidental) are prevented and that data remains reliable and correct.
3A bank implements redundant power feeds, backup generators, and server clustering. Which core information security goal is primarily addressed by these measures?
A.Integrity
B.Availability
C.Confidentiality
D.Non-repudiation
Explanation: Availability ensures that systems and data are available to users when needed. Redundant power feeds, backup generators, and server clusters prevent service interruptions, supporting high availability for critical banking applications.
4What is the primary distinction between authentication and authorization in a bank's security architecture?
A.Authentication assigns roles to users, while authorization verifies their biometric data
B.Authentication verifies the identity of a user, while authorization determines their access privileges and permissions
C.Authentication is a physical security control, whereas authorization is a logical network control
D.Authentication tracks user activity logs, whereas authorization encrypts database queries
Explanation: Authentication is the process of verifying who a user is (e.g., via password, OTP, or biometrics). Authorization is the process of verifying what an authenticated user has permission to do (e.g., viewing ledger accounts or approving loans).
5Which security service ensures that a customer cannot falsely deny initiating an online fund transfer, and the bank cannot deny receiving it?
A.Confidentiality
B.Data Integrity
C.Non-repudiation
D.High Availability
Explanation: Non-repudiation prevents an individual or entity from denying the origin or receipt of a transaction. It is typically implemented in digital banking using public key cryptography and digital certificates.
6What is the primary purpose of a bank's Corporate IT Security Policy?
A.To provide step-by-step operating system configuration commands for the system administrators
B.To set the high-level security directives, management intentions, and security frameworks for the organization
C.To list the specific names and contact details of all external IT vendors
D.To define the annual budget allocation for hardware replacement
Explanation: A Corporate IT Security Policy is a high-level document approved by executive leadership (the Board) that outlines the bank's security stance, objectives, roles, and responsibilities, guiding all subsequent standards and procedures.
7Which body within a commercial bank holds the ultimate responsibility for approving the Information Security Policy and ensuring IT risks are aligned with risk tolerance?
A.The Chief Information Security Officer (CISO)
B.The External IT Audit Team
C.The Board of Directors
D.The Network Administration Department
Explanation: The Board of Directors has the ultimate governance and oversight responsibility in banks. They approve the Information Security Policy and ensure that security strategies align with the bank's business objectives and risk appetite.
8When framing a bank's IT security policy, what is the significance of separating policies, standards, and guidelines?
A.It allows policies to remain high-level and stable, while technical standards and guidelines can change as technology evolves
B.It is done solely to comply with external legal audits without functional benefits
C.It ensures that only the CISO can read the guidelines while the board reads the policies
D.It minimizes the document size so that it can be stored on legacy systems
Explanation: Policies are high-level, stable statements of management intent. Standards specify mandatory controls and technologies, which may update frequently. Guidelines offer non-mandatory best practices. Separating them ensures policy longevity.
9In IT risk management, how is 'Asset Valuation' defined, and why is it important?
A.It is the process of calculating depreciation on IT hardware for tax purposes
B.It determines the replacement cost and business value of data/systems to help prioritize security spending
C.It is the calculation of the CISO's salary based on system performance
D.It measures the network bandwidth usage of the Core Banking System
Explanation: Asset Valuation identifies the worth, importance, and sensitivity of information systems and data. This value helps the bank perform cost-benefit analyses to ensure that the cost of security controls does not exceed the value of the assets protected.
10Which of the following correctly describes the relationship between Threat, Vulnerability, and Risk?
A.Vulnerability is the financial impact, Threat is the mitigation control, and Risk is the occurrence probability
B.Risk is the potential for a threat source to exploit a vulnerability, resulting in business impact or loss
C.Threat is a weakness in system design, Vulnerability is the threat agent, and Risk is the safeguard
D.Vulnerability and Threat are synonymous, whereas Risk is the security budget
Explanation: Risk is a function of the likelihood of a threat source exploiting a vulnerability and the resulting impact on the organization. Vulnerability is the weakness, and the threat is the potential danger.

About the IIBF IT Security Exam

The IIBF Certificate Examination in IT Security provides bankers and finance professionals with critical skills to assess, prevent, and manage cybersecurity threats, implement IT security controls, and align with IS audit standards and RBI regulatory compliance.

Assessment

Single remote-proctored online MCQ paper of 120 questions, duration 120 minutes. No negative marking.

Time Limit

2 hours

Passing Score

50 out of 100

Exam Fee

₹1,100 (members) / ₹1,600 (non-members) + GST (Indian Institute of Banking & Finance (IIBF))

IIBF IT Security Exam Content Outline

25%

Module A: IT Security Overview

Fundamentals of Information Security, Corporate Security Policies, Organisational Security and Risk Management, Security Governance, and Information Security Standards.

25%

Module B: IT Security Controls

Asset Classification, Logical Access Controls, Hardware and Software Controls, Network Controls, Database Controls, Cryptography, and Software Development Controls.

25%

Module C: IT Security Threats

Threat Landscape (Malware, Cyber Espionage), Incident Management, Fault-Tolerant Systems, and Business Continuity & Disaster Recovery Management.

25%

Module D: IS Audit & Regulatory Compliance

IS Audit Process and Planning, Regulatory Compliance Requirements, and RBI Guidelines on Cyber Security Framework in Banks.

How to Pass the IIBF IT Security Exam

What You Need to Know

  • Passing score: 50 out of 100
  • Assessment: Single remote-proctored online MCQ paper of 120 questions, duration 120 minutes. No negative marking.
  • Time limit: 2 hours
  • Exam fee: ₹1,100 (members) / ₹1,600 (non-members) + GST

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

IIBF IT Security Study Tips from Top Performers

1Understand the CIA triad and how it applies to various banking systems and transactions.
2Get comfortable with network security controls, including firewalls, routers, IDS/IPS, and asymmetric vs symmetric cryptography.
3Review the concepts of Business Continuity Planning (BCP) and Disaster Recovery (DR) in banks, including RPO and RTO.
4Familiarize yourself with RBI's guidelines on cybersecurity frameworks for banks and basic IS Audit processes.
5Read through ISO 27001 standards and COBIT frameworks briefly to understand their components.

Frequently Asked Questions

What is the passing score for the IIBF IT Security exam?

You need to score at least 50 marks out of 100. There is no negative marking.

What is the fee for the examination?

The fee is ₹1,100 for IIBF members and ₹1,600 for non-members, plus GST and bank convenience charges.

What is the format of the exam?

It is an online, remote-proctored test consisting of 120 multiple-choice questions (MCQs) to be completed in 2 hours.

Who is eligible to take this exam?

Any candidate (member or non-member) who has passed the 12th standard (or equivalent) is eligible.