Attempt CAIIB IT and Digital Banking Practice Questions & Download PDF

1. In a Decision Support System (DSS) for credit risk assessment in a bank, the ‘model base’ component serves what function?

A) Stores historical loan performance data and customer demographics
B) Contains financial, statistical, and simulation models used to analyse data and generate decision alternatives
C) Provides the user interface for bank officers to input loan parameters
D) Manages communication between the DSS and external credit bureaus

2. The concept of ‘Open Banking’ requires banks to share customer data with third-party providers (TPPs). What is the primary technical mechanism through which this data sharing occurs securely?

A) Direct database access granted to TPPs with encryption
B) Standardised APIs (Application Programming Interfaces) governed by regulatory frameworks
C) File transfer protocol (FTP) for batch data sharing
D) Screen scraping with bank-issued credentials

3. In the context of network security for banking, a ‘stateful inspection firewall’ differs from a packet filtering firewall primarily because it:

A) Operates at the application layer and inspects content of packets
B) Tracks the state of active network connections and makes decisions based on context, not just individual packets
C) Uses machine learning to identify zero-day threats
D) Decrypts SSL traffic for deep packet inspection

4. NPCI’s SFMS (Structured Financial Messaging System) is modelled after which international financial messaging standard and primarily used for which type of transactions in India?

A) Modelled after SWIFT; used for domestic interbank fund transfers and trade finance messages
B) Modelled after ISO 8583; used for card payment authorisation messages
C) Modelled after FIX protocol; used for securities trading messages
D) Modelled after SEPA; used for Euro-denominated payments within India

5. In the context of CBS implementation, what does the ‘two-phase commit protocol’ ensure in a distributed database environment across multiple bank branches?

A) All nodes agree to commit or abort a transaction atomically, preventing partial updates
B) Transactions are processed in two phases: debit phase followed by credit phase
C) Two independent authorisations are required for high-value transactions
D) Data is backed up in two separate locations before transaction completion

6. Under RBI’s Cyber Security Framework for Banks (2016), what is the minimum requirement regarding the security operations centre (SOC) for all scheduled commercial banks?

A) Banks may share a common SOC with their parent group companies
B) Banks must establish a dedicated Cyber Security Operations Centre (C-SOC) with 24×7 monitoring capability
C) Banks with assets below Rs. 1000 crore are exempted from SOC requirements
D) SOC functions can be fully outsourced without any internal oversight

7. In the context of e-commerce and banking, the ‘SET (Secure Electronic Transaction)’ protocol was developed to specifically address which security requirement in card-based online payments?

A) Encrypting the card number only during transmission without merchant authentication
B) Ensuring that merchants cannot see the cardholder’s card number while banks can verify the payment without seeing purchase details — dual signature mechanism
C) Providing a digital wallet that stores multiple card credentials
D) Authenticating the cardholder using biometrics rather than PIN

8. In machine learning applied to banking fraud detection, what is the primary challenge with ‘class imbalance’ in training datasets?

A) The model requires too many features to process efficiently
B) Fraudulent transactions are rare, causing models trained on imbalanced data to predict all transactions as non-fraudulent and achieve high accuracy but poor fraud detection
C) Training on imbalanced data always leads to overfitting regardless of the algorithm
D) Class imbalance prevents the use of supervised learning algorithms

9. The ‘Account Aggregator (AA)’ framework in India, regulated by RBI, operates on which fundamental principle that distinguishes it from other data sharing models?

A) Banks proactively share all customer data with AA for credit scoring
B) Customer data flows from Financial Information Providers (FIPs) to Financial Information Users (FIUs) only with explicit, consent-based authorisation managed by the AA
C) AA stores customer financial data in a central repository for easy access
D) AA functions as a credit bureau aggregating data from multiple banks

10. In the context of virtualization in banking data centres, what is the primary difference between ‘Type 1’ (bare-metal) and ‘Type 2’ (hosted) hypervisors?

A) Type 1 runs on top of a host operating system; Type 2 runs directly on hardware
B) Type 1 runs directly on hardware without a host OS; Type 2 runs on top of a host operating system
C) Type 1 supports more virtual machines; Type 2 provides better security isolation
D) Type 1 is used for test environments; Type 2 is used for production banking systems

11. Under the IT Act 2000/2008, Section 43A imposes liability on corporate bodies for negligent handling of sensitive personal data. A bank would be liable under this section if it:

A) Fails to implement reasonable security practices causing wrongful loss or wrongful gain to any person
B) Stores customer data beyond the prescribed retention period
C) Allows third-party access to customer data under court order
D) Charges fees for providing digital account statements

12. In the context of CBDC (Central Bank Digital Currency) proposed by RBI, what distinguishes Retail CBDC (e-₹-R) from Wholesale CBDC (e-₹-W)?

A) e-₹-R is token-based; e-₹-W is account-based
B) e-₹-R is for use by general public and businesses; e-₹-W is restricted to financial institutions for interbank settlements
C) e-₹-R earns interest; e-₹-W does not
D) e-₹-R is anonymous; e-₹-W requires full KYC

13. In the context of cloud computing adoption by banks, what does the ‘shared responsibility model’ imply for a bank using Infrastructure as a Service (IaaS)?

A) Cloud provider is responsible for all security from hardware to application
B) Bank is responsible for OS, middleware, applications, and data security; cloud provider is responsible for physical infrastructure and hypervisor security
C) Security responsibility is equally split 50-50 between bank and cloud provider
D) Bank has no security responsibility as cloud providers have certified infrastructure

14. In the context of biometric security in banking, which attack specifically targets fingerprint recognition systems by using a fake finger made of gelatin or silicone moulded from a latent fingerprint?

A) Dictionary attack
B) Replay attack
C) Spoofing attack (presentation attack)
D) Man-in-the-middle attack

15. In the Request for Proposal (RFP) process for selecting a CBS vendor, which evaluation methodology assigns quantitative scores to both technical capabilities and commercial terms to enable objective comparison?

A) Qualitative assessment by IT committee
B) Weighted Scoring Model (WSM) with predetermined criteria and weights
C) Selection of the lowest-cost bidder meeting minimum specifications
D) Reference check with existing customers only

16. In a Service Level Agreement (SLA) for core banking services, what does ‘Mean Time To Repair (MTTR)’ measure, and how does it differ from ‘Mean Time Between Failures (MTBF)’?

A) MTTR measures system reliability; MTBF measures repair speed
B) MTTR is the average time to restore service after a failure; MTBF is the average time between consecutive failures
C) MTTR applies to software issues; MTBF applies to hardware failures only
D) Both measure the same thing but MTBF is used for planning and MTTR for reporting

17. In the context of 5G network technology and its banking applications, what characteristic of 5G specifically enables ‘massive IoT’ deployment for banking use cases like ATM monitoring and branch sensor networks?

A) Ultra-low latency of less than 1 millisecond for real-time transactions
B) Peak download speeds of 20 Gbps for large data transfer
C) Massive Machine Type Communications (mMTC) supporting up to 1 million connected devices per square kilometre
D) Enhanced Mobile Broadband (eMBB) for high-quality video banking

18. In the context of Artificial Neural Networks (ANN) applied in banking for credit risk assessment, what is the ‘vanishing gradient problem’ and which architectural solution addresses it?

A) Gradients become too large during backpropagation; addressed by gradient clipping
B) Error gradients diminish exponentially as they propagate back through many layers, preventing effective learning in deep networks; addressed by LSTM or ReLU activation functions
C) The model overfits to training data; addressed by dropout regularisation
D) Input features have different scales; addressed by normalisation

19. Under RBI’s guidelines on IS Audit for banks, which type of audit specifically examines controls over the application software development lifecycle (SDLC)?

A) Concurrent audit
B) Application systems audit
C) Network vulnerability assessment
D) Compliance audit

20. In the context of Fintech and embedded banking, ‘Banking as a Service (BaaS)’ fundamentally enables which business model transformation?

A) Banks can outsource their core operations to fintech companies
B) Non-banking entities can offer banking products (accounts, payments, lending) by accessing licensed banks’ infrastructure through APIs
C) Banks offer cloud computing services to their corporate customers
D) Fintech companies can obtain banking licences more easily through regulatory sandboxes