S.

No QUESTIONS A B C D
1 In SBI's Data Governance Policy, what role does data classification a. Increasing website traffic Enlancing employee morale Identifying the sensitivity and Boosting market shuare
play? criticality of data
2 If you suspect that your internetbanking account has been compromised, a. Ignore it b Immediately log out and log in c. Report it to the Bank and d. Uninstall your antivirus
what should you do first? again change the password

3 What is the primary objective of SBI's Data Governance Policy? a Increase customer b. Promote digital transactions Ensure integrity, availability, d. Reduce operational expenses
outreach and confidentiality of data

4 What is Social Engineering? a. Creating memes b Manipulating people to Sending newsletters d. Learning coding online
divulge confidential info
5 Under the Act, processing of personal data of children requires: Parental consent School approval No consent d Bank authorization

6 Which platform can SBI customers use to report cyber frauds? 4 RBI headquarters only b SBI's Cyber Crime Cell only SBT's toll-free helpime, d Income Tax Department
branch, or official website
7 What is one of the rights of a Data Principal under the DPDP Act? a Right to marketing calls Right to erasure of personal Right to sell data d Right to anonymity
data
8 Which of the following is a sign that an internet Banking Website may be a. The site uses HTTPS b. The site asks for personal The site loads quickly d. The site includes your Banks
fraudulent? information via pop ups official logo

9 Mr "A" receives a call from a so called CBI officer who claims that illegal a Promptly follow the b. Rush to the branch and Disconnect the cal and report d Call neighbours for help
items have been found in his courier packet. The caller puts Mr "A" instructions of the caller arrange for Money the incidence to the nearest
under digital arrest by resiricting his movements and also prevents him cyber crime police staff portal
from disconnecting the video call. The caller asks Mr "A" to deposit the 1930
penalty. What should Mr "A" do?

10 Which of the following is a cyber security obligation under the DPDP Mantam's social media b Perform routine cyber Enable two-factor authentication d File income tax
Act? presence audits for all bank accounts:

11 Abraham receives a call from the Narcotics Department informing him a Transfer Rs 50 lacs to the b Ignore the call Stay Calm Call 1950 report the d None of the above
that his sister travelling abroad has been caught carrying drugs in her officer same on the cybercrime
bag at the airport. Abraham gets tense at his sister was travelling to portal, be alert and
Dubai. The Officer from the Narcotics Department asks Abraham to disconnect the call
isolate himself in a room for Security reasons and immediately depost unmediately.
Rs 50 lakhs as bail for his sister. What should Abraham do?

12 To prevent growth in Inoperative accounts, Annexure "B" is to be sent to a Rs 5000 or more bRs 25000/-or more None of the above d. No minimum Threshold
account holder(s) to ascertain the reason for non operation in the
account where the balance in the account is?

13 Proactive Risk Management Department uses which mail id? noreplyprm@[Link].i b noreplyptm@[Link] in cnorepliesprm/@[Link].m d None of the above
n
14 Which term refers to the ability to limit data access to only those a Availability b. Anonymity Confidentiality d Decentralization
authorized?
15 Is the Bank's MIS generating any digital transaction reports? YES NO NA d Not required
16 Veera receives an email that looks like its from her airline Royalty a. Call the airline using b. Click the Imk only from her Forward the email to friends for d Reply to sender asking for
Program. The logo is correct and it says she is eligible for double points official contact information mobile advise verification
if she confirms her login credentials. The email asks her to click a link
and re enter her login and password. How can Veera verify the email's
authencity?

17 Who is referred to as a 'Data Principal'? Government body b Data analyst Individual to whom the d IT manager
personal data relates
18 Maximum liability of a customer under UAED transaction on credit card a Rs 25000 b. Rs 15000/- CRs 5000- d Rs 50000/
with limit above Rs 5 lacs is?

19 What is the main cyber security risk addressed by the DPDP Act? a Loan defaults Unauthorized access or data c Stock market crashes d Physical theft of office
leakage equipment
20 What is the main objective of the DPDP Act, 2023? a Promote e-commerce Protect personal data of c Curb cybercrime only d Regulate cryptocurrency
individuals
21 Most important aspects to look for during EDD are is? 2 Call customer to visit the b. Physical site verification, Ask cutomer to close accounts d. All of the above
branch with KYC matching transactions with in other banks
activity, not to tip off the
customer, monitor Sudden
Spurt in transactions, filing
STR(IF REQUIRED)

22 How should grievances be addressed under the Act? a Through social media Through courts only Via internal grievance d No redressal process defined
redressal and appeal to the
Board
23 Emily's debit card is declined at an ATM and she notices that the ATM a Social Media Scam b Phishing ATM Skimming d. None of the above
looks suspicious. She later discovers that her card details have been
stolen. This is what kind of a scam?

24 What does 'Legitimate Use' under the Act mean? a Any use that benefits the b. Use for profit Use without comment under d. Use for advertisements
government permitted conditions

25 Which of the following is considered a contributory negligence by a a Using SBI's official mobile Reporting a fraud mmmediately Sharing OTP with a fraudster d. Using a secure password
customer under SBI's cyber fraud policy? app

26 The DPDP Act mandates entities to appoint a Data Protection Officer if a Small startups b. Significant Data Fiduciaries Any individual collecting data d Government-only bodies
they are:

27 Which CINB variant is to be provided to a Proprietorship account? a. Multiple user multiple b. Two user Multiple user single Admin d. Single user
Admin
29 What is the maximum extent of penalty in DPDP Act for failure to take a. Upto Rs 250cr b. Up to Rs 200 cr c. Up to Rs 150 cr d. None of the above
resonable security safegaurds to prevent data breach

30 what Is the helpline number launched by MHA for reporting cyber a. 2040 1940 1930 d. O 1920
crimes
31 Physical call verification must necessarily be done with geo-tagging at a NO b. YES c NOT APPLICABLE d. Not required
the time of opening non individual current account accounts and also
activating inoperative accounts
32 Which of the following tools is commonly used in SBI to prevent a. SEO analytics b. Firewalls and Intrusion c. Email newsletters d. CRM dashboards
unauthorized access to sensitive data? Detection Systems (IDS)

33 Mitra receives a call from a man named" James" claiming to be from a a. High Guaranteed returns b. Detailed Paperwork c. Quick decesion pressure d. a and c
reputed investment firm. He offers her an opportunity to invest Rs 10000
with guaranteed 20% return within 3 months. He pressurizes her to act
quickly, saying that the offer is "about to close". He also sends her the
link of a website that looks authentic and some documents that look
official. Which red flag stands out the most?

34 Which of the following is a responsibility of the Data Fiduciary? a. Investing in crypto b. Publishing user data c. Ensuring data accuracy and d. Selling data to third parties
security
35 The Data Protection Board has the power to: a. Enact new laws b. Impose penalties for non- c. Conduct elections d. Provide tax benefits
compliance
36 While opening a current account Branch obtains the a. Annexure (V-A/V-B/V-C), b. Annexure (VI-A/VI-B/VI-C), c. Both (a) and (b) d. None of the above
Declaration/undertaking pertaining to credit facilities and Declaration by Annexure-XXII Annexure-XXII
customer:

37 What kind of data is considered 'critical' under SBI's Data Governance a. Marketing data b. Customer and financial c. Social media interactions d. Publicly available data
Policy? transaction data
38 What is the main cyber security risk addressed by the DPDP Act? a. Loan defaults b. Unauthorized access or data c. Stock market crashes d. Physical theft of office
leakage equipment
39 Which of the following is NOT a ground for processing data without a. Court order b. Medical emergency c. Public interest d. Marketing promotion
consent?
40 What should a Data Fiduciary do in case of a data breach? a. Hide the breach b. Sell the data quickly c. Notify the Data Protection d. Format their systems
Board and affected Data
Principals
41 What is Spam? Fresh groceries b. Unsolicited bulk messages, Paid ads d. Cookies from websites
often via email
42 What is the primary purpose of SBI's compensation policy for cyber a. To penalize cybercriminals b. To compensate the bank for c. To protect customers from d. To increase transaction limits
frauds? losses financial loss due to
unauthorized electronic
transactions
43 Which of the following is a key pillar of SBI's Cyber Security and Data a. Financial inclusion b. Data encryption and access c. Customer relationship d. Product diversification
Governance Framework? controls management

44 To prevent growth in Inoperative accounts, Annexure "B" is to be sent to a. Rs 5000/- or more b. Rs 25000/- or more c. None of the above d. No minimum Threshold
account holder(s) to ascertain the reason for non operation in the
account. where the balance in the account is?

45 Tom receives a call from someone sounding like their Bank officer, a. Pharming Piggybacking c. Scareware d. O Vishing
warning of fraudulent activity and asking for the OTP. The call ID shows
the Bank's real number. The OTP is shared and money is lost. What
kind of scam is this?

46 Data Governance Officer (DGO) at Circle level is? a DGM(Fin & Ops) b. General Manager (Network) c. DGM(C & R) d. CGM of the Circle

47 What is the role of user access management in SB's data governance a. Encouraging customer b. Monitoring ATM transactions c. Granting data access based d. Promoting mobile banking
policy? feedback on roles and responsibilities
48 The DPDP Act primarily applies to which type of data? a. Financial data only b. Anonymous data c. Personal data d. Government records

49 What is Firewall? a. A wall made of fire b. A network security system c. A password manager d. A mobile app
that controls traffic
50 Under the Act, processing of personal data of children requires: a Parental consent h School approval No consent d Bank authorization

51 What is one of the rights of a Data Principal under the DPDP Act? a Raght to marketing calls b Right to erasure of personal Right to sell data d Right to anonymity
data
52 Which platform can SBI customers use to report cyber frauds? RBI headquartiers only SBT's Cyber Crime Cell only SBTs toll-free helpline, franch, d Income Tax Department
or official website
53 Proactive Risk Management Department uses which mail id? a noreplyprmalerts@ [Link] b noreplyprm@[Link] c. norephespro@alerts [Link] d. None of the above
in
54 What is the main cyber security risk addressed by the DPDP Act? a Loan defaults Unauthorized access or data c Stock market crashes Physical theft of office
leakage equipment
55 What does 'Legitimate Use' under the Act mean? a. Any use that benefits the Use for profit Use without consent under d. Use for advertisements
government permitted conditions

56 Abraham receives a call from the Narcotics Department informing him a Transfer Rs 50 lacs to the b Ignore the call Stay Calm Call 1920 report the 4. None of the above
that his sister travelling abroad has been caught carrying drugs in her officer same on the cybercrime portal,
bag at the airport. Abraham gets tense at his sister was travelling to be alert and disconnect the call
Dubai. The Officer from the Narcotics Department asks Abraham to ummmbately.
isolate himself in a room for Security reasons and immediately depost
Rs 50 lakhs as bail for his sister. What should Abraham do?

57 To prevent growth in Inoperative accounts, Annexure "B" is to be sent to a. Rs 5000/- or more h:Rs 25000 or more None of the above d. No minimum Threshold
account holder(s) to ascertain the reason for non operation in the
account where the balance in the account is?

58 Which CINB variant is to be provided to a Proprietorship account? a. Multiple user multiple b Two user Multiple user single Admin d Single user
Admin
59 What is the main objective of the DPDP Act, 20232 a. Promote e-commerce Protect personal data of Curb cybercrime only d. Regulate cryptocurrency
individuals
60 What is Malware? a. A new software update Malicions software deugned to An antivirus tool d. A programming language
harm or exploit
61 The DPDP Act mandates entities to appoint a Data Protection Officer if a Small startups b Signdicant Data Fiduciary Any individual collecting data d. Government only bodies
they are:

62 Is the Bank's MIS generating any digital transaction reports? YES NO C NA Not required

63 Maximum liability of a customer under UAED transaction on credit card a Rs 25000 b Rs 15000 Rs 5000 d Rs 50000
with limit above Rs 5 lacs is ?

64 Which of the following is a cyber security obligation under the DPDP a Mantam social media Perform routine cyber audits Enable two-factor authentication d File income tax
Act? presence for all bank accounts

65 How should grievances be addressed under the Act? a Through social media Through courts only Via internal grievance redressal d. No redressal process defined
and appeal to the Board
66 Emily's debit card is declined at an ATM and she notices that the ATM a Social Media Scam 6 Phishing ATM Skimming d. None of the above
looks suspicious. She later discovers that her card details have been
stolen. This is what kind of a scam?

67 Mr "A" receives a call from a so called CBI officer who claims that illegal a Promptly follow the Rush to the branch and arrange D Discomect the cal and report d Call neighbours for help
items have been found in his courier packet. The caller puts Me" A" instructions of the caller for Money the incidence to the nearest
under digital arrest by resiricting his movements and also prevents him cyber crime police station portal
from disconnecting the video call. The caller asks Mr "A" to deposit the 1930
penalty. What should Mr "A" do?

68 Veera receives an email that looks like its from her airline Royalty a. Call the airline using Click the link only from her Forward the email to friends for 4 Reply to sender asking for
Program. The logo is correct and it says she is eligible for double points official contact information mobile advise verification
if she confirms her login credentials. The email asks her to click a link
and re enter her login and password. How can Veera verify the email's
authencity?

69 Who is referred to as a 'Data Principal'? a Government body b Data analyst Individual to whom the personal 4 IT manager
data relates
70 Which term refers to the ability to limit data access to only those Availability b Anonymity Confidentiality d. Decentralization
authorized?
71 Most important aspects to look for during EDD are is? a Call customer to vut the Physical site verification, Ask cutomer to close accounts d. All of the above
branch with KYC matching transactions with in other bandes
activity, not to tip off the
Pkb customer, monitor Sudden Spurt
in transacious, filing STR(IF
REQUIRED)
72 Which of the following is a sign that an internet Banking Website may be The site uses HTTPS b. The site asks for personal The site loads quickly d. The site includes your Banks
fraudulent? information via pop ups official logo

73 If you suspect that your internetbanking account has been compromised, a ignore it b Immediately log out and log in Report it to the Bank and d Uninstall your antivirus
what should you do first? again change the password

74 If you receive a call from an unknown number, which of the following is a. 1600xxx b. Mobile Number c. Landline number d. A foreign number
the most trustworthy?

75 Which of the following is a key pillar of SBI's Cyber Security and Data a. Financial inclusion Data encryption and access C Customer relationship d Product diversification
Governance Framework? controls management

76 Abraham receives a call from the Narcotics Department informing him a. Transfer Rs 50 lacs to the b. Ignore the call C Stay Calm Call 1930/report d. None of the above
that his sister travelling abroad has been caught carrying drugs in her officer the same on the cybercrime
bag at the airport. Abraham gets tense at his sister was travelling to portal, be alert and disconnect
Dubai. The Officer from the Narcotics Department asks Abraham to the call immediately.
isolate himself in a room for Security reasons and immediately depost
Rs 50 lakhs as bail for his sister. What should Abraham do?
77 What is the full form of DPDPA? a. Digital Personal Data b. Digital Person Data c. Digital Personal Data d. Digital Personal Data
Protection Article Protection Act Population Act Protection Act

78 Which of the following is NOT a ground for processing data without a. Court order b. Medical emergency C. Public interest d. Marketing promotion
consent?
79 SPDI stands for? a Sensitive Personal Data b. Sensitive Personal Detailed C. Sensitive Personal Data or d. None of the above
Information Information Information
80 Tom receives a call from someone sounding like their Bank officer, a. Pharming Piggybacking c. Scareware d. Vishing
warning of fraudulent activity and asking for the OTP. The call ID shows
the Bank's real number. The OTP is shared and money is lost. What
kind of scam is this?

81 What standard does SBI follow for implementing its cyber security a. ISO 9001 b. ISMS ISO/IEC 27001 C. Six Sigma d. COBIT-5
controls?
82 Mr "A" receives a call from a so called CBI officer who claims that illegal a. Promptly follow the b. Rush to the branch and c. Disconnect the cal and report d. Call neighbours for help
items have been found in his courier packet. The caller puts Mr " A" instructions of the caller arrange for Money the incidence to the nearest
under digital arrest by resiricting his movements and also prevents him cyber crime police station portal
from disconnecting the video call. The caller asks Mr "A" to deposit the 1930
penalty. What should Mr "A" do?

83 What is Social Engineering? a. Creating memes Manipulating people to divulge Sending newsletters d. Learning coding online
confidential info
84 What is the storage limitation principle under the Act? a. Store forever Store for a fixed 10 years Store only as long as necessary d. No such principle

85 What ensures accountability in data usage under SBI's Data a. Using mobile apps for data b. Appointing Data Stewards c. Outsourcing data processing Random data migration
Governance framework? entry and Custodians

86 In SBI's Data Governance Policy, what role does data classification a. Increasing website traffic b. Enhancing employee morale c. Identifying the sensitivity and d. Boosting market share
play? criticality of data
87 Failure to implement cyber security safeguards may result in: a. Cashback offers Financial penalties under the Higher ratings [Link] data processing licenses
Act
88 Which of the following is considered a contributory negligence by a a. Using SBI's official mobile b. Reporting a fraud immediately C. Sharing OTP with a fraudster [Link] a secure password
customer under SBI's cyber fraud policy? app

89 Which of the following is a responsibility of the Data Fiduciary? Investing in crypto Publishing user data Ensuring data accuracy and [Link] data to third parties
security
90 What is the full form of NCRP a. National Cyber Crime b. National Crime Reporting C. National Crime Recording d. None of the aove
Reporting Portal Portal Portal

91 What is Firewall? A wall made of fire A network security system that A password manager d. A mobile app
controls traffic
92 What is the primary objective of SBI's Data Governance Policy? a. Increase customer b. Promote digital transactions Ensure integrity, availability, and [Link] operational expenses
outreach confidentiality of data
93 Which of the following tools is commonly used in SBI to prevent a. SEO analytics b. Firewalls and Intrusion Email newsletters [Link] dashboards
unauthorized access to sensitive data? Detection Systems (IDS)

94 Physical call verification must necessarily be done with geo-tagging at NO YES NOT APPLICABLE d. Not required
the time of opening non individual current account accounts and also
activating inoperative accounts
 95 Meera is invited to a seminar about Real Estate Investing. She is a. High investment threshold b. Pressure to join an exclusive Foreign Propesty investments d. All of the above
impressed by the speaker who claims to have made millions. She is group
offered a spot in a" private club" that buys property abroad with minimum
investment of Rs 25,00,000/-.The presenter insists it is not available to
general public. What makes this suspicious?

96 The Data Protection Board has the power to: a Enact new laws b. Impose penalties for non- O Conduct elections d. Provide tax benefits
compliance
97 Can Non-Home branches Block/unblock Digital Channels? a. YES b NO [Link] APPLICABLE d. Not allowed

98 Beneficial owner is ? a. The person on whose b Includes a person, whether Natural person who ultimately d. All the above
behalf the transaction is acting alone or together or owns/controls a chent
being conducted through one or more judicial
persons has/have a controlling
ownership interest or who
excercises control through other
measures
99 PAN Number is what type of Information? a. Internal b Public Confidential d. None of the above
100 Which of the following is NOT a ground for processing data without Court order Medical emergency Public interest d. Marketing promotion
consent?
101 Data Governance Officer (DGO) at Circle level is? a. DGM(Fin & Ops) b. O General Manager c. DGM(C&R) d. CGM of the Circle
(Network)
102 If you suspect that your internetbanking account has been compromised, a. Ignore it b. Immediately log out and log in c. Report it to the Bank and d. Uninstall your antivirus
what should you do first? again change the password

103 What is the maximum extent of penalty in DPDP Act for failure to take a Upto Rs 250cr b. Up to Rs 200 cr c. Up to Rs 150 cr d. None of the above
resonable security safegaurds to prevent data breach

104 John receives an email that appears to be from his Bank, asking him to a Phishing b. Smushing c. Vishing d. Spear Phishing
verify his account information. The email creates a sense of urgency
stating that the account will be suspended if he does not respond
immediately. What kind of Cyber Crime is this

105 Which of the following best describes VPN? a. A public network b. A gaming application A tool that encrypts internet d. A virus protection network
traffic and hides IP address
106 Who is responsible for notifying a personal data breach to the Data a The affected user b. Data Principal's employer c. The concerned Data Fiduciary d Cyber cell
Protection Board?

107 The DPDP Act primarily applies to which type of data? a Financial data only b. Anonymous data c. Personal data d. Government records

108 What is the primary objective of SBI's Data Governance Policy? a Increase customer b Promote digital transactions c. Ensure integrity, availability, d. Reduce operational expenses
outreach and confidentiality of data

109 If the fraud occurs due to a bank's system failure, what is the customer's Full b Limited c. Zero d. Depends on the amount
liability?
110 c. 1800 11 2211 or 1800 425
What is the toll-free number for reporting cyber frauds in SBI? a. 1800 425 3800 b. 100 d. 1234567890
3800
111
a. Unknowing/unwitting
Which is not a type of money mule account b. Wilful money mules c. Complicit Money Mules d. Lazy Account
Money Mules
112 c. Enable two-factor
Which of the following is a cyber security obligation under the DPDP a. Maintain social media
b. Perform routine cyber audits authentication for all bank d. File income ta
Act? presence
accounts
113
Can Non-Home branches Block/unblock Digital Channels? a. YES b. NO c. NOT APPLICABLE d. Not allowed
114
Who is the primary regulator under the DPDP Act? a. Reserve Bank of India b. Central Vigilance Commission c. Data Protection Board of India d. SEBI
115
If suspicious activity is observed in a current account having multi user
a. Block the Admin b. Block the Maker c. Block the Checker d. Block all active users
variant of CINB, what action can a branch take?
116
If the fraud occurs due to a bank's system failure, what is the
a. Full b. Limited c. Zero d. Depends on the amount
customer's liability?
117
Which of the following is considered a contributory negligence by a c. Sharing OTP with a
b. Reporting a fraud immediately c. Sharing OTP with a fraudster d. Using a secure password
customer under SBI's cyber fraud policy? fraudster
118 c. Stop processing personal
If a Data Principal withdraws consent, the Data Fiduciary must: a. Ignore the request b. Delete the account d. Publish user data
data
119
c. Software designed to detect
Which of the following best describes Antivirus Software? a. Image editing tool b. Operating system d. Software to play videos
and remove malicious programs
120
Under the Act, processing of personal data of children requires: a. Parental consent b. School approval c. No consent d. Bank authorization
121 c. Store only as long as
What is the storage limitation principle under the Act? a. Store forever b. Store for a fixed 10 years d. No such principle
necessary
122 c. Via internal grievance
How should grievances be addressed under the Act? a. Through social media b. Through courts only redressal and appeal to the d. No redressal process defined
Board
123
a. Marginal Cost of Fund b. Margin for Credit and c. Minimum Cost of lending d. Marginal Cost on Loan and
What is the full form of MCLR?
based Lending Rate Lending Rate Rate Recovery
124 Which of the following are key elements of the KYC/AML/CFT Policy of a. Customer Acceptance b. Customer Identification c. Monitoring of Transactions
d. All of the Above
the Bank ? Policy Procedures and Risk Management
125
What type of risk does the bank face in case of adverse media publicity
a. Operational Risk b. Reputational Risk c. Both a. & b d. None of the above
due to ATM Card related frauds?
126
A dedicated Anti Money Laundering Monitoring office for the Bank is
a. Mumbai b. Delhi c. Chennai d. Jaipur
established at?
127 a. Credit Guarantee Fund
b. Credit Guarantee Fund Trust c. Converted Guarantee Tier for
What does CGTMSE stand for? Trust for Micro & Small d. None of the above
for Medium & Small Enterprises Micro and Small Enterprises
Enterprises
128
When conversion of data is done into a text that cannot be easily
a. Brute force cracking b. Tunneling c. Cloaking d. Encryption
understood by unauthorized people it is called data ……..

129
What is the most common delivery method for viruses? a) Email b). Instant Message C) Internet download d)Portable media
130 What is the name of a malicious program that hides within another a. Trojan b. Invisible c. Stowaway d. None of the above
program?
131 ________________ is the technology used for theft of data from a. Bluejacking b. Bluesnarfing c. Both a and b d. None of the above
Bluetooth enabled phone .
132 Scoring model is applicable in ? a. P /SME/AGR Segment b. Corporate borrower c. Both A &B d. None of the above

133 b. Attempt to steal sensitive

What is Phishing? a. A type of fishing activity c. Software update d. Sending greetings online
information via fake emails
134 c. Notify the Data Protection
What should a Data Fiduciary do in case of a data breach? a. Hide the breach b. Sell the data quickly Board and affected Data d. Format their systems
Principals
135 b. Enable two-factor
Various ways to protect Data are a. Strong Password c. Use antivirus software d. All the above
authentication
136 a. Ministry of Health & Family
Cyberdost" is the official social media handle of which Department? b. I4C c. Ministry of Law & Justice d. None of the above
Welfare
137 c. To protect customers from
What is the primary purpose of SBI's compensation policy for cyber b. To compensate the bank for financial loss due to
a. To penalize cybercriminals d. To increase transaction limits
frauds? losses unauthorized electronic
transactions
138
Which Department monitors Digital Payment transactions on a real time a. Proactive Risk
b. DB & T Department c. GITC Belapur d. IAD Hyderabad
basis? Management Department
139 c. Unauthorized access,
What is considered a 'personal data breach' under the DPDP Act? a. Data shared with family b. Authorized data sharing disclosure, or loss of personal d. Editing one's own data
data
140
Under the Act, processing of personal data of children requires: a. Parental consent b. School approval c. No consent d. Bank authorization
141 c. Stop processing personal
If a Data Principal withdraws consent, the Data Fiduciary must: a. Ignore the request b. Delete the account d. Publish user data
data
142
What is the role of user access management in SBI's data governance a. Encouraging customer c. Granting data access based
b. Monitoring ATM transactions d. Promoting mobile banking
policy? feedback on roles and responsibilities
143
According to SBI's cyber security framework, which of the following is a a. Blogging the incident d. Public announcement of
b. Ignoring small-scale breaches c. Reporting and escalation
mandatory component of incident management? online breach

144 b. Protect personal data of

What is the main objective of the DPDP Act, 2023? a. Promote e-commerce c. Curb cybercrime only d. Regulate cryptocurrency
individuals
145
What ensures accountability in data usage under SBI’s Data a. Using mobile apps for data b. Appointing Data Stewards
c. Outsourcing data processing d. Random data migration
Governance framework? entry and Custodians
146 b. Unsolicited bulk messages,
What is Spam? a. Fresh groceries c. Paid ads d. Cookies from websites
often via email
147
a. Personally Identifiable
PII stands for? b. Personal Individual Identity c. Personal Individual Identity d. None of the above
Information
148
Emily’s debit card is declined at an ATM and she notices that the ATM
looks suspicious. She later discovers that her card details have been a. Social Media Scam b. Phishing c. ATM Skimming d. None of the above
stolen. This is what kind of a scam?

149
To prevent growth in Inoperative accounts, Annexure "B" is to be sent to
account holder(s) to ascertain the reason for non operation in the a. Rs 5000/- or more b. Rs 25000/- or more c. None of the above d. No minimum Threshold
account where the balance in the account is?
150 b. Physical site verification,
matching transactions with
a. Call customer to visit the activity, not to tip off the c. Ask customer to close
Most important aspects to look for during EDD are/is? d. All of the above
branch with KYC customer, monitor Sudden Spurt accounts in other banks
in transactions, filing STR (IF
REQUIRED)
151
What is the time limit within which SBI must resolve a complaint about
a. 15 days b. 30 days c. 90 days d. 45 days
unauthorized transactions, as per RBI directives?

152
a. Any use that benefits the c. Use without consent under
What does 'Legitimate Use' under the Act mean? b. Use for profit d. Use for advertisements
government permitted conditions
153
a. Use the same password b. Share login credentials with c. Regularly update contact
What is one of the key actions SBI advises to prevent cyber frauds? d. Ignore suspicious activity
for all accounts family information and monitor account
154
The DPDP Act primarily applies to which type of data? a. Financial data only b. Anonymous data c. Personal data d. Government records
155
a. Personal data processed
Which of the following data does the DPDP Act not apply to? outside India related to b. Non-personal data c. Financial data d. Biometric data
Indian citizens
156
a. Sudden spurt of wire b. Accessing the system from
c. No sudden spurt in the
transfers to different and different locations or using a
Which of the following is not a characteristic of Money Mule Account transactions and account activity d. None of the above
unfamiliar areas/ VPN to conduct transaction to a
consistent with past history
geographies/ jurisdictions completely different location

157
The DPDP Act mandates entities to appoint a Data Protection Officer if
a. Small startups b. Significant Data Fiduciaries c. Any individual collecting data d. Government-only bodies
they are: