Nepal Rastra Bank Information Technology Guidelines
1. What does ATM stand for?
a) Automatic Teller Machine
b) Automated Transfer Machine
c) Automatic Transfer Mechanism
d) Advanced Teller Machine
2. BAFIA is an acronym for which of the following?
a) Banking and Financial Industry Act
b) Bank and Financial Institution Act
c) Bank and Finance International Agreement
d) Bank and Financial Insurance Act
3. Which of the following best describes BCP?
a) Business Compliance Policy
b) Business Continuity Policy
c) Banking Control Program
d) Banking Compliance Procedure
4. The term BOD in banking refers to which of the following?
a) Banking Opening Day
b) Beginning Of Day
c) Bank Operations Day
d) Business Order Day
5. CCTV stands for:
a) Close-Camera Television
b) Closed-Circuit Television
c) Circuit Communication Television
d) Centralized Camera Television
6. In the context of information security, CIA stands for:
a) Confidentiality, Integrity, Availability
b) Centralized Information Access
c) Cybersecurity, Integrity, Access
d) Confidentiality, Internet, Access
7. COBIT is a framework for:
a) Control Objectives for Information and Related Technology
b) Central Operations for Banking and IT
c) Core Objectives for Information Technology
d) Common Objectives for IT Management
8. What does DC stand for in IT infrastructure?
a) Data Collection
b) Data Centre
c) Digital Channel
d) Direct Communication
9. DR in the context of business continuity stands for:
a) Data Recovery
b) Disaster Recovery
c) Digital Recovery
d) Direct Response
10. What is DRP short for?
a) Disaster Recovery Program
b) Data Recovery Plan
c) Disaster Recovery Policy
d) Data Retention Policy
11. EOD stands for:
a) End Of Day
b) Entry Of Data
c) Essential Operational Data
d) Emergency Operations Division
12. The acronym IS in technology commonly refers to:
a) Information Structure
b) Information System
c) Internal Security
d) Integrated Software
13. ISO, in an organization, may refer to:
a) Information Security Officer
b) International Standards Organization
c) Integrated System Operations
d) Information Security Operations
14. IT stands for:
a) Information Technology
b) International Technology
c) Integrated Telecom
d) Information Transaction
15. NRB is the central bank of Nepal. What does it stand for?
a) National Reserve Bank
b) Nepal Revenue Bank
c) Nepal Rastra Bank
d) National Regulatory Bank
16. What is POS in the context of retail and banking?
a) Point of Sale
b) Power of Service
c) Product of Service
d) Position of Sale
17. RPO in data recovery terms is:
a) Recovery Policy Objective
b) Recovery Process Optimization
c) Recovery Point Objective
d) Real-time Process Optimization
18. The term RTO in disaster recovery means:
a) Recovery Time Objective
b) Real-time Optimization
c) Restoration Time Objective
d) Recovery Task Order
19. SMS in communications technology stands for:
a) Service Message System
b) Short Message Service
c) Systematic Messaging System
d) Short Method System
20. UPS is essential for uninterrupted power supply. It stands for:
a) Unified Power Solution
b) Uninterrupted Power Supply
c) Universal Power System
d) Unallocated Power Service
21. Why is IT governance important for commercial banks?
a) It reduces the need for IT resources
b) It supports and enables business goals and growth
c) It limits the use of IT in banking
d) It replaces manual processes
22. How often should a bank review its IT policy according to NRB guidelines?
a) Monthly
b) Quarterly
c) Annually
d) Every five years
23. What should banks use to separate internal and external networks for security purposes?
a) Firewalls
b) Routers
c) Proxies
d) VPNs
24. What should banks implement for ATM operations to prevent fraud while not capturing customer PINs?
a) Biometric verification
b) CCTV with adequate lighting
c) Signature authentication
d) Manual verification
25. What should replace magnetic stripe cards according to the security recommendations?
a) Plastic cards
b) Virtual cards
c) Chip-based cards
d) Magnetic tokens
26. For mobile banking, what currency transactions should be permitted according to the guidelines?
a) Only foreign currency
b) Any currency
c) Only Nepalese currency
d) Any cryptocurrency
27. Which of the following should be adopted to secure data on mobile devices used for banking?
a) High storage capacity
b) Strong encryption and transaction limits
c) Bluetooth connectivity
d) Open access to mobile applications
28. How should banks manage privilege access to critical systems?
a) Assign to any employee as needed
b) Conduct a background check and limit access
c) Allow open access for troubleshooting
d) Delegate to external consultants
29. Which factor should NOT be stored together before delivering to the customer?
a) Debit card and receipt
b) PIN and card
c) Cardholder name and account number
d) Bank branch address and customer ID
30. What type of authentication is recommended for online payment using cards?
a) Single-factor authentication
b) PIN-based only
c) Second factor authentication with alerts
d) Signature-based authentication only
31. Why is information security education important for banks?
a) To attract more customers
b) To increase transaction fees
c) To prevent unauthorized access and enhance secure banking operations
d) To reduce the number of employees
32. Who should be targeted in a bank's information security awareness program?
a) Employees only
b) Customers only
c) Employees, vendors, customers, and other related stakeholders
d) Senior management only
33. What is the primary purpose of Business Continuity Planning (BCP) in banks?
a) To increase profitability
b) To minimize financial, operational, legal, reputational, and other risks
c) To expand customer base
d) To reduce the number of employees
34. Which of the following best describes Disaster Recovery Planning (DRP)?
a) Marketing and promotional activities of the bank
b) Technical component of BCP focusing on high availability of IT systems
c) Customer service policies
d) Data privacy policies
35. What should be considered when designing a bank’s IT system and datacenter (DC) to ensure disaster resilience?
a) Fault tolerance for mission-critical systems
b) Proximity to customer locations
c) Visual appeal of the DC building
d) Cost-saving mechanisms
36. What is the purpose of using Hot Site, Warm Site, or Cold Site in DRP?
a) To comply with the IT staff requirements
b) To meet specified Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO)
c) To reduce transaction fees
d) To minimize data redundancy
37. Which of the following disaster mitigation strategies should banks adopt for data centers?
a) Providing high-speed internet for employees
b) Using UPS, generators, surge protectors, and physical/environmental controls
c) Reducing the size of the data center
d) Increasing the number of ATMs
38. How should banks address transaction and data integrity between the Data Center (DC) and Disaster Recovery (DR) site?
a) Check integrity periodically as part of End of Day (EOD) or Beginning of Day (BOD) processes
b) Perform checks only during system upgrades
c) Conduct annual audits
d) Delegate this to customers
39. What is meant by the “RPO” in a Business Continuity context?
a) Recovery Power Objective
b) Recovery Point Objective
c) Remote Processing Objective
d) Redundant Protection Objective
40. What is one benefit of a high availability system in a banking environment?
a) Increases the number of customers
b) Provides live replication of data to an offsite location for continuity
c) Reduces transaction fees
d) Improves employee satisfaction
41. How should banks handle physical access to their data centers?
a) Open access to all employees
b) Restrict access to authorized individuals only
c) Provide access to customers for transparency
d) Allow remote access only
42. What should be done if a bank outsources some IT functions to another country?
a) Ignore local regulations
b) Evaluate country risk factors like economic, social, and political situations
c) Ensure that customer service remains unaffected
d) Prioritize cheaper service providers
43. What is a primary responsibility of Nepalese banks to manage electronic fraud?
a) Hire more employees
b) Identify, document, and report all electronic attacks to Nepal Rastra Bank monthly
c) Decrease the use of electronic delivery channels
d) Ignore minor attacks
44. How should customers be involved in fraud prevention in the banking system?
a) By restricting their access to online services
b) By informing them about fraud identification, avoidance, and protection measures
c) By limiting the services provided to them
d) By providing them with encryption software
45. What is the purpose of Access Control in information security?
a) Allow unauthorized access to resources
b) Enable authorized use of a resource and prevent unauthorized access
c) Simplify system login processes
d) Make resources available for everyone
46. Assurance in information security provides:
a) Confidence that security goals like integrity and confidentiality are met
b) A mechanism for reporting fraud
c) An alternative to encryption
d) A method to access resources without restriction
47. What is Encryption?
a) Process of restricting access to data
b) Converting data into a form not easily understood by unauthorized people, which can be converted back by decryption
c) A backup process
d) A security policy for handling data
48. What does Information Security Policy refer to?
a) A guideline for customer service
b) A statement outlining required protection for information objects
c) A set of marketing strategies
d) A tool for encrypting data
49. In security terminology, what is a Subject?
a) A passive entity containing information
b) An active entity, such as a person or device, that causes information flow or system changes
c) A type of security policy
d) An encrypted document
50. What is an Object in terms of security?
a) A passive entity that contains or receives information
b) A tool for encrypting data
c) A monitoring system
d) An active user accessing the system
51. What does Risk Management involve in a security context?
a) Increasing the number of system users
b) Assessing and managing risks by analyzing threats and vulnerabilities
c) Offering rewards to loyal customers
d) Reducing operational costs
52. Security in an IT system is:
a) Simply a set of mechanisms
b) A property of the system that includes a set of functions and mechanisms
c) Only relevant to physical systems
d) Mainly a marketing concept
53. What is a Threat in the context of information security?
a) A tool for backing up data
b) A circumstance or event with the potential to harm an information system
c) An encrypted message
d) A system update
54. What is Vulnerability in an information system?
a) A high level of security
b) A weakness in the system that could be exploited, leading to security breaches
c) A type of encryption
d) A tool for fraud prevention
I felt like commenting on one thing.
With these answers, whichever option is a bit longer tends to be the correct one. So please make all the answer options along the same lines.
You have helped a great deal, sir. I wish you only a better future. Still, I felt like commenting.