What is Authorised Push Payment (APP) fraud? a) Customer pays via cheque b) Card is stolen at ATM c) Customer is tricked into approving a payment to a fraudster d) Payment fails due to network error
Answer: C - Customer is tricked into approving a payment to a fraudster
What is synthetic identity fraud? a) Use of a stolen debit card b) Combining real and fake data to create a new identity c) Changing address details d) Using expired ID
Answer: B - Combining real and fake data to create a new identity
What is insider fraud? a) Hacking a system from outside b) Accessing a card database externally c) Employees misusing internal access to commit fraud d) Fake ATM installed
Answer: C - Employees misusing internal access to commit fraud
What is account takeover? a) Opening a new business account b) Customer switches bank c) Fraudster gains control of a legitimate account d) Cancelling a lost card
Answer: C - Fraudster gains control of a legitimate account
What is phishing in the context of payment fraud? a) Fake investment strategy b) Physical skimming device c) Email scam to steal credentials or trick payments d) Use of fake loyalty cards
Answer: C - Email scam to steal credentials or trick payments
What does smishing refer to? a) Social network impersonation b) SMS-based fraud to extract information c) Security breach from malware d) False delivery updates
Answer: B - SMS-based fraud to extract information
What is vishing? a) Audio-based password verification b) In-person ID check c) Fraud via phone calls to deceive and extract information d) Changing email preferences
Answer: C - Fraud via phone calls to deceive and extract information
What does the C in CIA triad stand for? a) Cost b) Confidentiality c) Centralisation d) Cloud
Answer: B - Confidentiality
What does confidentiality mean in cybersecurity? a) Open user access b) Full audit history c) Preventing unauthorised access to data d) Data printing
Answer: C - Preventing unauthorised access to data
What does integrity refer to in the CIA triad? a) System branding b) Backup speed c) Ensuring data accuracy and protection from tampering d) Full data access
Answer: C - Ensuring data accuracy and protection from tampering
What is the A in CIA triad? a) Access b) Authentication c) Availability d) Allocation
Answer: C - Availability
What does availability mean in system security? a) Blocking payment channels b) System shut down c) Ensuring systems are accessible when needed d) Auditing login attempts
Answer: C - Ensuring systems are accessible when needed
What does multi-factor authentication use to verify identity? a) Only username b) Single password c) Combination of known, possessed or inherent factors d) Address and date of birth
Answer: C - Combination of known, possessed or inherent factors
What is the purpose of transaction monitoring? a) Encrypt messages b) Detect suspicious payment patterns c) Confirm KYC forms d) Update customer contact details
Answer: B - Detect suspicious payment patterns
How does behavioural analytics help prevent fraud? a) Compare prices b) Track login times c) Monitor customer habits to identify anomalies d) Verify CVV codes
Answer: C - Monitor customer habits to identify anomalies
What are blacklists used for in fraud prevention? a) Filter spam messages b) Block known fraud actors from initiating payments c) Organise contact lists d) Store invoice numbers
Answer: B - Block known fraud actors from initiating payments
What are customer alerts used for? a) Send monthly statements b) Inform about weather risks c) Notify users of login or payment activity d) Promote new products
Answer: C - Notify users of login or payment activity
What is the first line of defence in fraud governance? a) External auditors b) Customer call centre c) Business units handling daily checks d) Law enforcement
Answer: C - Business units handling daily checks
What is the second line of defence in security governance? a) Payment providers b) IT contractors c) Risk and compliance teams monitoring issues d) Sales representatives
Answer: C - Risk and compliance teams monitoring issues
Who provides independent assessments as the third line of defence? a) Customer support b) Regulators c) Internal audit d) Product marketing
Answer: C - Internal audit
What is a key purpose of regular reviews in security governance? a) Increase ad targeting b) Manage customer birthdays c) Strengthen fraud prevention and system resilience d) Identify new markets
Answer: C - Strengthen fraud prevention and system resilience
Why is staff training important in fraud prevention? a) Ensure login speed b) Deliver uniform branding c) Help employees detect and respond to threats d) Promote credit usage
Answer: C - Help employees detect and respond to threats
What is system redundancy used for in security? a) Back up to reduce service disruption b) Erase old transactions c) Track refund history d) Speed up logins
Answer: A - Back up to reduce service disruption
How does DDoS mitigation relate to availability? a) Prevents data theft b) Stops insider fraud c) Protects systems from being overloaded and ensures uptime d) Blocks phishing emails
Answer: C - Protects systems from being overloaded and ensures uptime