In what way can a malware use your device to perform breach of security? Select the correct options.

If a user wants to share critical information outside of the organization for business purpose, how should he send t
Allowing ______ entry into restricted area is in violation of policy
Individuals who need and use ICICI data as part of their assigned duties or in fulfilment of assigned roles or funct

What is the purpose of access security policy?


Raj is an employee of the bank and he is loyal and honest towards his work. One day he comes to know that one o
You receive an email from HR@hroficici.com asking you to send your full name, login username, password, and
A confidential file needs to be forwarded to the finance department. Who all should be kept in loop?
What type of attack happens when an attacker simply walks in behind a person who has legitimate access?

Breach of Bank's Information security policy could result into


Which among the following statements is correct
Which of the following should be done for Data Leakage Prevention?
What is public data?

You see the message "Your computer is infected with a virus. Please click on the below link to remove it". What
Which of the following are examples of secret information?
Which of the following is true with regards to Shrink-wrapped/Freeware/Shareware Software?
Select all correct options. Human Firewalls are:
Which of the following is NOT a social engineering attack?
In phishing, attackers target using ________ to do social engineering
Which of the following are part of visitor management guidelines?
You login to your system using your password, read about strategic information related to a merger, and financial
What should you do if your official mobile computing device is stolen?
What are the important components of Triad of information security?
Which of the following is a strong password?
What should you do if you suspect you have received a phishing email?
Information Security is the process of
Which of the following is incorrect?
An unknown person is spotted following closely behind an employee and entering the restricted section of the bui
Access control systems provide ________ environment.
You are sitting in a café with your friend after work when your boss calls up, asking you to share some confidenti
Which of the following is true with regards to IT assets as per the policy?

What is the main purpose of DLP in the bank?


Which of the following are the characteristics of a strong password?
Which of the following is PII?
You receive the following communication on email: Please clear payment of this critical and sensitive invoice. I w
vacation and unavailable - CEO. What do you do?
Your official IT assets battery life has reduced drastically over the last few days. What should you do?
An electrician comes to your desk and asks you to step aside for a minute as he needs to check whether all the soc
Which of these is a preventive measure against a ransomware attack?
An employee does the following activities using the internet at work. Which of these activities are allowed?
Which of the following is true about phishing attacks?
DLP helps to:
Which of the following are genuine ICICI bank domains?
Information security is ______ responsibility. Select the most appropriate option.
Which of the following is a part of clear desk & clear screen policy?
What are the characteristics of secret data?
Jennifer receives an email claiming that her bank account information has been lost and that she needs to click a li
ISSP stands for Information Security _____ and Procedures
What type of phishing attack happens through SMS?
What should employees do upon resignation?
All users are required to read the _____
Data Classification is :
You want to leave your workstation. What should you do before you leave?
Which of the following is a type of malware? Click correct options.

Your security settings are not allowing you to download an important e-mail attachment sent by your customer. W
You receive a suspicious email requesting urgent action. What should you do?
You receive a phone call from an unknown person asking for PII of a customer. What kind of attack could this be
All of the above
Protect the file by Seclore and then send it.
Unauthorized
Data Users
Both i. and ii.
2,3,4
Forward the email to antiphishing@icicibank.com
People who fall under the 'need to know' principle
Tailgating
Both i and ii
1,3,4
1,2,3
Information explicitly approved by management for release to public

Contact the Helpdesk/ISG Team

Strategic information like mergers and acquisitions, materially significant investment decision.
All of the above
1,2
Denial of Service attack
Email
All of the above
Secret
File an FIR with the police and submit a copy of the report to the concerned department
1,2,3
2,3
Forward the email to anitiphishing@icicibank.com
Protecting Information
The internet has made it hard to collect PII
Tailgating attack
All of the above
Ensure that you are in a private place and that you are not connected to a public network before sending the information
All of the above
End users do not send critical information outside the corporate network.
1,3
All of the above

Report the suspicious email to antiphishing@icicibank.com


Contact the helpdesk and ask for assistance
Lock the device, files and cabinets, step aside but keep a watch on what he is doing
All of the above
Only job-related activities such as research and educational tasks
All of the above
Protect bank's sensitive and confidential data from being shared outside bank’s internal network
1,2
Everyone's
All of the above
1,2
Phishing
Standards
Smishing
Surrender all their official devices to their manager or local IT personnel (as per the policy) to receive the required clearance
Both i and ii
Act of classification of information based on sensitivity
Lock cabinets containing documents with sensitive information
Ransomware, Trojan
Inform IT helpdesk about the issue and ask them to help with the same
1,2
Vishing attack
1 d
2 d
3 d
4 d
5 d
6 d
7 e
8 a
9 a
10 b
11 b
12 b
13 c
14 c
15 d
16 a
17 b
18 c
19 b
20 b
As per Regulation, periodic KYC updation for high risk customers should be done
Which of the following transactions requires an enhanced due diligence to determine whether it is suspicious
Photo debit card of the customer is used for
Informing or communicating to customers or any other third party (directly or indirectly) that a particular accoun
This is not a step in the money laundering process:
PMLA imposes the following obligations on banks:
Which of the following is not a source of illegal money:
The suspicious activity with respect to AML can be reported through which option in ICICI Universe page?
The beneficial owner of a legal person is defined as
Comparing the copy of the OVD submitted by the customer with the original OVD document and recording the sa
Two of the elements of ICICI Group AML Policy are
This document is accepted as an identity proof at the time of opening the account:
Money laundering Risk does not include which of the following:
Transactions that are inconsistent with the customer's known legitimate activities or nature of business are called

Customer identification procedures fall under which aspect of regulation:


A bank account is opened in the name of 'X' with full KYC of 'X'. 'X' later sells his account to 'Y', who is now us
Branches may open accounts for those customers who are not able to provide KYC documents, provided, the total
Customer transaction records need to be retained for how many years as per the PMLA
At this stage, money laundering is relatively easy to detect
Beneficial Owner

Placement stage is when cash is channeled into:


Illegal activity where stacks of gold, cash, jewellery or even rare stamps are moved from place to place is called:
As per Regulation, KYC updation for low risk customers should be done
There can be more than one red flag indicators in a transaction

At the integration stage of the money laundering process


The stage of money laundering which attempts to distance the funds from their illegal source by a series of compl
ICICI Group AML policy is applicable to all activities of the bank including its SBU's in India and abroad:
Adequate diligence is the fundamental requirement for any business transaction:
Use of multiple cash deposits each smaller than the minimum cash reporting requirement is called
PAN card issued by income tax department is an Officially Valid Document (OVD)
Proof of possession of Aadhaar number by a prospective customer is acceptable as an Officially Valid Docume

Money laundering is:


Central National Agency set up by the government which is responsible for receiving, processing, analyzing and
It is relatively very difficult to detect money laundering at this stage

Customer due diligence is an approach taken by the bank to:


Screening the names of all existing and proposed customers to ensure that their names do not match with the name
Which of the following is not considered to be a suspicious money laundering indicator
Transactions undertaken for non-account holders which exceeding Rs.50,000/- or which is an international money
Which of these is a suspicious transaction
Fresh proof of address shall not be sought at the time of Periodic Updation (Re-KYC) for _________ customers in
In which type of companies, identification & verification of beneficial owner is not necessary?
A person who undertakes transactions with the Bank but does not hold a bank account is called
The following document is NOT acceptable as an Officially Valid Document (OVD)
Consequences of money laundering are
The primary AML legislation in India is the
What are the key Anti Money Laundering objectives of ICICI bank
As per PMLA, tipping off is an offence and the employees should be cautious not to violate this during their inte
An indicator of unusual customer transaction or activity is called
Which of these is a suspicious transaction
Smurfing is a method adopted to ____
Money laundering is usually carried out in:
at least once in 2 years
Frequent large value cash transactions in the bank account of a salaried person
Not an acceptable OVD
Tipping Off
Recovery stage
All Option
Charity
Report a Suspicion
1,2,3
Certified Copy
Both of the above
Driving license
None of the above
Unusual transactions
Know your customer
Regulations
A money mule account
₹1 Lakh
5 years from date of transaction
Placement stage
is always a natural person
Banks & Financial Institutions
Smuggling
at least once in 10 years
1
Illegal funds are moved back into the economy disguised as legitimate funds
Layering
1
1
Smurfing
0
1
Converting illegal funds and assets into legitimate funds and assets
FIU-IND
Integration

Identify and verify customers and beneficial owner

Combating Financing of Terrorism


Monthly salary credits in bank account
0
Customer makes or receives huge deposits or remittances which exceed his/her annual income
Low risk customers
Listed Companies
Walk in Customer
Ration Card
1,2
PMLA
1,2
1
Red Flag Indicator
Customer makes or receives huge deposits or remittances which exceed his/her annual income
avoid regulatory reporting requirements
Three stages
Employee can request or solicit entertainment offers (cricket match tickets, fashion show tickets, overnight stay at
Conflict of Interest can arise in following situation : Any person who has a material interest in a material contract
Which of the following is correct with respect to Personal investments?
You must not make any payment to or for anyone for the purpose of obtaining or retaining business or for obtainin
Using proprietary knowledge obtained through the course of employment to make investments that are not in the b
Silver coin of USD 100 can be accepted during Diwali ?
Any gift upto USD 200 can be accepted?
You can make misleading reports, claims or statements to government/regulatory authorities to cover up on any la
Exercise requisite due diligence while ______________________.
You can use official resources in another business in which you, a friend or family member is involved.
Which of the following is correct with respect to privacy and confidentiality?
Which of the following is correct with respect to Conflict of Interest?
The quality of our relationships with our suppliers and other external counter-parties has a direct bearing on our bu
The US Anti-Bribery Law, Foreign Corrupt Practices Act (FCPA) is applicable to ICICI Bank.
As per Personal Investment section of “the Code” providing non-public information to family members or friend o
As an employee of the Bank you should __________________________ .
ICICI Group has a Gender Neutral Policy that prohibits:
Any act with a fraudulent or malafide intention irrespective of whether there was any financial loss or loss of repu
Illustrative behaviour of Irregularities in High Risk Areas includes :
Which of the following are situations of conflict of interest?
You can offer or give any funds or property as donation to any government agency or its representatives, in order
Repeated negligence in performing duties will be considered as________________________ .
Which of the following is Incorrect with respect to Protecting ICICI Group's Assets?
Proprietary and confidential information include any ______________that gives ICICI Group an opportunity to o
Submit an annual statement of Conflicts of Interest to the _____________ of your Company.
Employees, officers and directors of ICICI Group are prohibited from:
While undertaking outside activities, you should not use the following for your personal benefit:
The ICICI Group _____________ conduct that implies granting or withholding favors or opportunities in return fo
Making false (or misleading) statements to regulators/ auditors/ ICICI Group representatives during investigations
Which of the following statement is correct with respect to acceptance of Non Token Gift?
Reports and documents that are required to be filed or submitted to regulatory authorities and other public commu
Bank’s________________ lays down standards employees should adhere to while communicating internally, exte
You must disclose and recuse yourself if any proposal is being discussed/ approved at any meeting/committee and
While undertaking personal investments, you must ensure that, it should not:
Which of the following is wrong with respect to Privacy and Confidentiality?
The limit upto which token gifts can be accepted is ____________.
Commit unethical acts simply because you see someone else doing it, or your supervisor not warning you.
Which of the following is correct with respect to Protecting ICICI Group's Assets?
Which of the following involves Conflict of Interest?
Prejudice an investigation by informing (i.e. tipping off) the person who is the subject of a suspicious transaction.
An employee must ensure that records, data and information owned, collected, used and managed for ICICI Group
Any concerns involving the Group Compliance Officer should be reported to the________________________ .
Can you take cash worth USD 50 as gift?
Employee should make their profile on social media in personal capacity and should not spread rumours or share a
As an ICICI Group employee, officer or director one must seek to avoid even the appearance of improper behavio
One of the customers has offered Amazon Voucher worth USD 75. In this case what would you do?
Notify ______________ immediately of any significant contacts made directly by a regulator.
Abide by the ICICI Bank _______________________.
Submit an annual statement of Conflicts of Interest to the _____________ of your Company.
Which of the following are Illustrative behaviour of Gross/Serious Violations ?
Reports and documents that are required to be filed or submitted to regulatory authorities and other public commu
Any gift, if offered should be :
ICICI Group expects all its employees, officers and directors to act in accordance with high professional and ethic
0
1
Ensure adherence to the Code for Prevention of Insider Trading applicable to your Company
1
Personal investment that is contrary to the ICICI Group’s interests
No
Yes with an exception of cash/cash equivalents, gold, silver, vouchers etc.
0
Both of the above
0
All of the above
Business practices which sacrifice interests of one set of customers in favor of another.
1
1
1
1,2,3
1,2,3
Fraudulent Irregularities
1,2,3
Stake/ ownership of employee or his/ her family in an organization that does business with bank or is a competitor
0
Habitual Irregularities
All of the above
1,2,3
Compliance Group
1,2,4
1,2,3
discourages
1
In case refusal is rude and impolite the gift may be accepted, reported in the FCRM system and surrendered to the Notified Gift Office
1,2,3
Social Media Policy
1
1,2,3
All of the above
USD 200
0
Report any misuse or theft of assets, including instances of data leakage or data theft, by any employee or outsourced agents of ICICI Group that comes to your notice
1,2,3,4
0
1
Board Governance & Remuneration Committee
No
1
1
Decline the offer, as vouchers are considered as Cash & Cash Equivalents and should not be accepted.
Compliance Group
All of the above
Compliance Group
All of the above
1,2,3
All of the above
1
An official of the Financial Intelligence Unit has sought for the transaction details of some listed customers, a
A relative of the customer approaches the branch for the account information of the customer. What is the rig
Which of the following is breach of Data Privacy?
Which of the following actions would ensure that privacy of customer data would be maintained?
A customer has closed his relationship with the bank. In this case
The organization has taken the customer details for the purpose of account opening and the customer has not op
Would sharing of customer personal information, after termination of the relationship amount to breach in pri
A person approaches the branch and request for a bank statement of his friend. The branch official should provi
What can be treated as personal information?
Data Privacy is the responsibility of the ______________of the organisation.
Which of the following is personal data for corporates
Does sharing an existing customer’s name and account balance with a prospective client amount to breach of d
Think Privacy is a rigid customer/employee data protection standards which gives no option of sharing the dat
A well known film actor opens an account with the bank. The personnel processing the account opening form
In an organisation, Data Privacy is the responsibility of
Privacy breach is an unauthorised access to, __________, __________ or ___________ of personal informati
A bank records information about some individuals who are shareholders of its corporate account holders. It c
An individual approaches the branch, praises the branch manager and staff for the manner in which the custome
Customer information should not be disclosed to anyone (including other employees or family and friends) who
Mr. X was carrying a laptop containing large amount of customer data for some official purpose. On the way,
Tax authorities demand for the personal details of the employees viz, the employee’s pay. In such a scenario what should the employer do:
Identify the purpose of collecting the information
At the day end, if you find your colleague has left the document containing customer/employee personal data
Once data is received by the bank, staff members as representatives of the bank can decide with whom it can be
Which of the following would lead to a Privacy Breach?
Which of the following is a privacy breach
Mr. Raj, a customer of the bank had defaulted in payment of his credit card dues. He was not available on any
If you have to send personal data of customer through mail for official requirement, what needs to be ensured:
Personal information is any identifiable information about ___________.
Bank makes a service call to the customer. But, the customer was not available on the call. It was answered by
Which of the following is not a Personal Data
In case of corporate, any information that is not available in the public domain but is shared with the ICICI Gr
Limit the access to your work areas and computers to authorized persons only.
A fellow employee calls up the phone banking or visits the branch mentioning that his colleague has met up wi
What out of the following is not a privacy breach
An employee of the Group Company seeks details of the bank customers, to cross sell their products. What shou
Which of the following is not a form of Privacy
Which of these is a Privacy Principle
While accepting customer's application and other service requests, one should make sure that:
Is it right to discuss customer related personal information in public areas like cafeteria, lifts, etc.
As per Data Privacy principles, it is always advisable to:
After the use of print outs containing customer/employee personal data what should one do
When can the disclosure be made without the consent of the customer
Which of the following statements are correct
Bank is unable to locate its customer who has stopped making loan repayments. The customer has shifted his re
Improper handling of data can cause serious consequences to which of the following:
A person approaches a branch seeking information pertaining to a certain account with a formal request letter. Th
An employer is investigating allegations of harassment against one of its employees. The employee in question
Can the performance related data of any employee be shared with other employees/outside parties.
What should one do, if the customer data is left unattended on printers for a long period of time?
An employee in his individual capacity keeps a database of his friend and relatives including their name, addres
An employer receives several applications for a job vacancy. The employer is successful in recruiting the desire
Following are the most common causes for Privacy Breach:
Think Privacy campaign has been launched to increase employee awareness on
1,4
Check the authorization letter, satisfy that it meets the bank’s policy requirement and share the personal information
1,2,3,4
1,3
The bank can keep the basic details as required by the regulator and maintain confidentiality
1,3
Yes
1,2
2,3
Employees
2,3,4
Yes
No it is incorrect. Think privacy, is a principle based data protection standards which allow sharing of data to third parties as per customer/employee authorisation and to the extent that law permits.
None of the above
Each employee
1,3,4
No
Should share the details only if he provides a proper authorisation letter from the customer
Yes
Encryption of laptop
1,2
Lock it in your drawer and sensitise him/her the next day
Staff members as representatives can act only on the customers/employees consent, bank’s policies and on the prevailing laws and regulations
Both a & b above
1,2
Destroy the excessive information
Send password protected files
Both a & b above
Inform the person who attended the call that since she is not the joint account holder details could not be shared with her
None of the above
1
Yes
Deny the request
None of the above
Share the details of only those members who have opted for cross sell.
None of the above
1,2,3,4
1,2,3
No
2,4
Shred the document
1,3,4
2,3
can share the personal details of the customer without obtaining the consent of the customer
all of the above
1,2
Retain the record of investigation and add a note to the file recording the employee’s insistence that allegations are untrue.
No
Try to identify the owner of the data and if ownership can't be ascertained then destroy the data
Employee himself
Wrong
1,2,3,4
Data Privacy