8. How do you maintain critical banking operations and customer confidence?

a) Use alternative channels like manual processing and communication hotlines to support customers

b) Wait for full system restoration before any response

c) Focus only on recovering systems

d) Blame service providers for the downtime

9. What are your legal and regulatory obligations at this stage?

c) Notify affected customers and regulators as per data breach laws

a) Wait for attackers to release more data before acting

b) Keep the matter confidential to protect reputation

d) Issue a statement denying responsibility

Phase 4 – Recovery and Lessons Learned Inject 7: Backups are found to be partially corrupted. Inject 8: Customers begin withdrawing funds in mass due to panic. Discussion Points: 10. How do you restore systems securely?

a) Restore from the most recent clean backups and validate system integrity before going live

b) Reconnect encrypted systems to the network immediately

c) Pay the ransom for the decryption key without verification

d) Ignore corrupted backups and start rebuilding systems manually

11. How do you communicate service restoration and prevent reputational damage?

d) Provide transparent updates on restoration progress and customer protection measures

a) Blame the attackers publicly

b) Avoid communication to prevent panic

c) Announce “business as usual” even if systems are unstable

12. What policy or control gaps could have possibly contributed to this incident?

a) Lack of tested backup and incident response procedures

b) Overreliance on third-party vendors for cybersecurity

c) Insufficient employee awareness and phishing defenses

13. How can the board ensure accountability after the incident?

b) Commission a post-incident review and ensure lessons are integrated into enterprise risk management

a) Demand immediate resignations

d) Keep the incident confidential permanently

United Bank for Africa - Tabletop Exercise

Quiz

•

Information Technology (IT)

•

2nd Grade

•

Practice Problem

•

Hard

Obianuju Ego-Osuala

Used 1+ times

FREE Resource

13 questions

Show all answers

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Scenario Overview
Several employees report being locked out of their workstations. A ransom note appears on their screens demanding $3 million in Bitcoin within 72 hours.
The attackers claim to have exfiltrated customer data, including financial records and personally identifiable information (PII).
The bank’s online services and mobile app are intermittently unavailable, and ATM transactions begin to fail.

Exercise Phases and Injects

Phase 1 – Detection and Initial Response
Inject 1: IT operations report that over 40% of endpoints are encrypted.
Inject 2: The SOC identifies the ransomware variant as “LockBit 3.0.”
Discussion Points:
1. How will you activate the incident response plan?

a) Wait for full confirmation from IT before acting

b) Immediately convene the incident response team and activate the incident response plan

c) Notify all staff to shut down their systems immediately without coordination

d) Escalate only to the CIO and await further direction

MULTIPLE CHOICE QUESTION

1 min • 1 pt

2. Who makes the call to shut down affected systems or the network?

a) The Board of Directors

b) The Chief Information Security Officer (CISO) in consultation with the board of directors and senior executives

c) Any IT staff member noticing the issue

d) The external managed service provider

MULTIPLE CHOICE QUESTION

1 min • 1 pt

3. How do you verify the extent of data exfiltration?

a) Assume all data is stolen

b) Wait for attackers to release data proof

c) Engage the forensics team to analyze network traffic and logs for data exfiltration evidence

d) Contact the regulator to confirm data loss

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Phase 2 – Communication and Escalation
Inject 3: A journalist emails the communications team claiming they received a leaked sample of customer data from the attackers.
Inject 4: The regulator (e.g., CBN or FDIC) requests an urgent report on the incident.
Discussion Points:
4. What is your communication strategy (internal/external)?

a) Silence until the attack is fully resolved

b) Publicly deny the incident immediately

c) Allow employees to post clarifications on social media

d) Coordinate internal updates and prepare approved external communication guided by legal and compliance teams

MULTIPLE CHOICE QUESTION

1 min • 1 pt

5. What message do you give to customers and the media?

a) Acknowledge the incident, assure investigation and customer protection steps

b) Downplay the incident to avoid panic

c) Share all technical details publicly

d) Redirect media to IT for responses

MULTIPLE CHOICE QUESTION

1 min • 1 pt

6. How do you handle disclosure to regulators and law enforcement?

a) Delay reporting until the ransom deadline

b) Promptly report the incident in line with legal and regulatory requirements

c) Report only after customer data is confirmed leaked

d) Only disclose if compelled by the regulator

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Phase 3 – Business Impact
Inject 5: Online banking remains unavailable for over 8 hours.
Inject 6: The attackers release 10,000 customer records on the dark web as proof.
Discussion Points:
7. What is your stance on ransom payment?

a) Immediately pay to restore operations

b) Evaluate payment only after consulting law enforcement, legal counsel, and considering regulatory and ethical implications

c) Refuse payment under all circumstances

d) Let IT decide based on system downtime

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

10 questions

How Computer works

Quiz

•

2nd Grade

17 questions

Quiz Instance Store dan Amazon Elastic Block Store (Amazon EBS)

Quiz

•

1st Grade - University

15 questions

Organisational Tools for Students

Quiz

•

2nd Grade

13 questions

iSkyTech AlNas

Quiz

•

1st - 5th Grade

10 questions

Mengenal Live Streaming dan Konten Menarik

Quiz

•

2nd Grade

10 questions

Recuperação - Bancos de Dados - DDL

Quiz

•

2nd Grade

12 questions

TKA KWU

Quiz

•

2nd Grade

15 questions

Recuperação - Ciência da Computação - Redes de Computadores

Quiz

•

2nd Grade

Popular Resources on Wayground

5 questions

This is not a...winter edition (Drawing game)

Quiz

•

1st - 5th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

Identify Iconic Christmas Movie Scenes

Interactive video

•

6th - 10th Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

11 questions

How well do you know your Christmas Characters?

Lesson

•

3rd Grade

14 questions

Christmas Trivia

Quiz

•

5th Grade

20 questions

How the Grinch Stole Christmas

Quiz

•

5th Grade

Discover more resources for Information Technology (IT)

5 questions

This is not a...winter edition (Drawing game)

Quiz

•

1st - 5th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

15 questions

Fun Christmas Trivia for Kids

Quiz

•

2nd Grade

26 questions

Christmas Songs

Quiz

•

2nd - 3rd Grade

10 questions

Christmas/Winter

Quiz

•

KG - 2nd Grade

20 questions

Christmas Movies

Quiz

•

1st - 12th Grade

20 questions

How the Grinch Stole Christmas

Quiz

•

2nd Grade

20 questions

How the Grinch Stole Christmas

Quiz

•

1st - 3rd Grade

United Bank for Africa - Tabletop Exercise

13 questions

2. Who makes the call to shut down affected systems or the network?

3. How do you verify the extent of data exfiltration?

5. What message do you give to customers and the media?

6. How do you handle disclosure to regulators and law enforcement?

Phase 3 – Business ImpactInject 5: Online banking remains unavailable for over 8 hours.Inject 6: The attackers release 10,000 customer records on the dark web as proof.Discussion Points:7. What is your stance on ransom payment?

8. How do you maintain critical banking operations and customer confidence?

9. What are your legal and regulatory obligations at this stage?

Phase 4 – Recovery and Lessons LearnedInject 7: Backups are found to be partially corrupted.Inject 8: Customers begin withdrawing funds in mass due to panic.Discussion Points:10. How do you restore systems securely?

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)

Phase 3 – Business Impact
Inject 5: Online banking remains unavailable for over 8 hours.
Inject 6: The attackers release 10,000 customer records on the dark web as proof.
Discussion Points:
7. What is your stance on ransom payment?

Phase 4 – Recovery and Lessons Learned
Inject 7: Backups are found to be partially corrupted.
Inject 8: Customers begin withdrawing funds in mass due to panic.
Discussion Points:
10. How do you restore systems securely?