SAQ ANSWER SHEET:​ The following document contains answers to the SAQ

test that needs to be completed by ​9th of December, 2020​. To overcome the possibility
of order of questions or options being shuffled, this document contains few text phrases
that will help you in marking the right answer. Despite having some data missing, this
document will ensure that you pass the SAQ. The quiz consists of 11 sections. Each
section has to be cleared to move on to the next section. ​Your progress in each
section is saved after you clear it so that you can exit any time and resume from
that same section again where you left.​ The document as of now contains the
Answer key to the first 5 sections. Please ​inform in the WhatsApp group which
section you are willing to take responsibility for & clear the quiz for that same
section after studying for the same​. Once you clear a section, you’ll be able to see all
the right answers for that section. Make note of all the correct answers from that section
so that it can be shared with everyone else. ​Once you have the Answer Key to your
section for which you studied, contact the editor of this document so that you
can be given access to edit it and help the remaining ones.

Please contribute to the answer key. Aisa kar ke tum kafi cool lagoge. Believe me!
 COMPUTER SECURITY

1- AIP-Client name & future project details shared with manager. . .

Ans: [A]-Confidential

2- Call from Unknown number. . .

Ans: [C]-Vishing

3- Infosys has the right to monitor, investigate, erase and wipe data. . .
Ans: [A]-Yes

4-Information security to be considered in which phase of SDLC?. . .

Ans: [D]- All of the above

5-Colleague tells you about vulnerability in one of the internal applications. . . What will you do?
Ans: [D]- Report to ISG via AHD

6-Which of the following passwords meets the Infosys requirement and would be easy to
remember?. . .
Ans: [C]- InFy4Evr$

7-External auditor seeks your credentials. . . What would be your response?. . .

Ans: [B] Politely decline it. . .

8-Can username and password be hardcoded?

Ans: [B]-No

9-Emergency leave. . manager seeks credentials to avoid impact of service. . .what would be
most appropriate to do. . .?
Ans: [B] Inform manager that this will be violation. . . Alternate user ID with similar privileges. . .

10-Accidentally find appraisal information in a shared folder. . . what will you do. . . ?
Ans: [E] Notify Manager

11-Very useful and free utility tool that can be easily downloaded from the internet. . . Will you
go ahead. . .?
Ans: [C] No, Since this could lead to Downloading of Malware.

12-Match the malware:

Ans: [B] Worm: Self replicating. . . Virus: Needs user to launch the files
 SECURITY USAGE AND EMAIL

1-Which circumstances permit downloading & use a trial version of software. . .?

Ans: [D] Not under any circumstances. . .

2-Working on a critical development project & facing difficulty in coding. . .what action to do. . .?
Ans: [C] Seek help of your manager who connects you to a senior developer in team

3-You want to complete a job over the weekend & you don’t have an Infosys/client laptop. What
is the best way to share. . .?
Ans: [FORGOT TO WRITE] Confidential client files must not be sent outside the client network.

4-You receive an email that appears to be from the Infosys Financial team requesting
credentials. What action to take. . .?
Ans: [C] Notify ISG by attaching suspicious mail for investigation

5-Correct medium to report Information security incident. . . ?

Ans: [B] Raising an AHD with ISG or option 2 in global helpdesk number

6-Planning to take online personal certification. . . What mail ID to use?

Ans: [B] Personal email ID and unique password

7-While browsing the Internet via Infosys, you accidentally come across a site which seems
malicious but is not blocked. . . What do you do. . .?
Ans: [B] Exit immediately & notify CCD & ISG through AHD

8. You have been working on a piece of code for client project…?

[B] No, client code…

9. Under which circumstances you are permitted to download and use trial version… ?
[D] not under any circumstances…

INFOSYS POLICIES
1. Appropriate sequence...
[C] classification, labeling, handling, disposal

2. Project that you were working under has closed...

[C] check with manager…
3. Find a printed document...
[D] shred the document...
4. Who is responsible for information security...
[d] every individual..
5. Matching of info to its classification
[d] source code: highly confidential, organisation chart: internal
6. Where can you find Information Security Policy
[e] option c & d

SECURITY WITHIN PREMISES & OUTSIDE

1. Security risks associated with removable media such as USB

[b] malware
2. During your visit to other …
[c] no
3. Travelling back home...
[c] explain…
4. Assigned a project operating from ODC
[d] get an explicit...
5. Hosting a conference...
[d] a & c
6. NOT security incident...
[b] b & d

BUSINESS CONTINUITY MANAGEMENT

1. Pandemic scenario is prevalent...

[c] follow guidelines..
2. Media approached..
[c] politely ask to ...
3. Noticed suspicious object...
[b] be vigilant...
4. Getting ready for office...
[d] call up the reception
5. Recently changed your mobile number
[b] update the number in telephone directory
6. Head of Phoenix..
[b] COO
 Intellectual Property Rights

1. Commercial offering - option a and b

2. Automation tool - yes, provided automation tool...
3. GitHub - yes. Provided comply with...
4. Who owns IP- employer
5. Bug in third party - no, decompilation of code...
5. Delivery Manager - approach IP team for…

PRIVACY & DATA PROTECTION

1. Scanned copy of passport. . . appropriate action. . ?

Ans: [D] Do no access

2. Personal info not be protected. . .?

Ans: [D] Name

3. Blood group of Infosys Colleague . . .

Ans: [D] Blood group is sensitive information

4. Respect privacy and protect personal data. . .

Ans: [D] All of the above

5. Intranet site. . .photographs of employees

Ans: [D] NOTA
6. Why protect personal info of partners and colleagues?
Ans: [D] Both a & b

7. Which about privacy policy is true?

Ans: [D]employees to have control or knowledge on what information about them are being
collected.

8. Most likely to be an acceptable data processing activity. . .

Ans: [C] Retaining employee’s travel claim expense detail. .

9. Your friend non-Infoscian looking for contact numbers. . .

Ans: [C] Since the contact number is personal data. . .

10. Not true regarding handling of PII

Ans: [A] PII collected from the employee must not be processed by the employee.

11. Performance assessment results of an Employee. . .

Ans: [B] Someone else’s personal info and not be shared. . .

ANTI BRIBERY & ANTI CORRUPTION MODULE

1. Prerequisite of bribe?
Ans: [D] All of the Above (​AOTA from here​)

2. Charitable contributions made on the behalf of Infosys

Ans: [D] AOTA

3. Colleague was offered a bribe, what do I do. . ?

Ans: [D] immediately raise a concern with the office of . . .

4. Customer sent son’s CV. . .How to proceed?

Ans: [D] upload CV on connectify

5. Client visiting infosys bangalore DC for first time. . . What can I offer as a memento?
Ans: [C] within limit of 100USD per person

6. Client has come from Stockholm to Bangalore to discuss business. . .

Ans: [B] 150 USD per person dinner expense

7. Vendor interface with Government Authorities. . .?

Ans: [D]AOTA
8. Wife started a small business engaging. . .
Ans: [B] Yes, . . .disclose conflict of interest module.

PEOPLE SECURITY & ASHI AWARENESS

1. Infosys policy on ASHI. . ?

Ans: [D] AOTA

2. Which behavior fall under purview of sexual harassment

Ans: [D] AOTA
 3. Mr. B is Mrs. A’s reporting manager. . .
Ans: [C] No, not sexual harassment, but agains’t the company’s code of conduct.

4. GRB considers cases that are reported by women only.

Ans: [B] False

5. How can Infoscian raise a complaint of sexual harrasement. . ?

Ans: [B] by writing to GRB

6. What is Internal Committee (IC)?

Option [C]: IC is set up in all our India DC’s…..

7. Ms. X & Mr. Y are peers who work in the same team. . ?
Ans: [B] Company has zero tolerance for false allegations

8. Project party outside office premises, . . .Mr. T intrude . . .

Ans: [A] True

9. GPM has no direct supervisory. . .

Ans: [A] True

10. Usage of sexual Slurs. . .

Ans: [A] True

PRIVACY & DATA PROTECTION FOR DELIVERY

1. Process client data for purpose relevant for delivering the service. . . ?
Ans: [B] Obtain client permission
2. Not likely to be personally identifiable. . .?
Ans: [B] Client Provided personal Financial Information

3. About to receive personal information from client. . .?

Ans: [B] Duty to inform clients about location processing. . .

4. Discovered a data breach pertaining to client by employee

Ans: [C] Immediately inform the DP Authority of the country

5. Process client personal data . . . require certain approved tool. What would be
acceptable?
Ans: [A] Inform client & request.
 Conflict of Interest and Code Certification

Q1. What is conflict of interest?

All of the above
Q2. Anticipate potential conflict of interest?
All of the above
Q3. Small business for delivering lunch?
No, nature of work is...
Q4. Contract with catering company?
No, your relationship with ABC...
Q5. Book on digital web enablement?
Yes, if option 1 and 2 are satisfied