Skip to main contentAccessibility help

Accessibility feedback
Google
facebook cfo

All
Images
News
Videos
Web
Shopping
Books
More
Tools
Susan Li Chief Financial Officer
She joined the company, then called Facebook, in 2008.

Leadership & Governance - Meta Investor Relations

Meta Investor Relations

https://investor.fb.com › leadership-and-governance
About featured snippets
•
Feedback
People also ask
Who is the former CFO of Meta?
How long has David Wehner been CFO of Facebook?
Who is Meta's new CFO?
Meta चे नवीन CFO कोण आहे?
Feedback

Meta - Leadership & Governance - Person Details

Meta Investor Relations

https://investor.fb.com › leadership-and-governance › pe...
Susan Li is chief financial officer at Meta, where she leads the finance and
facilities teams. Prior to becoming CFO, Susan served as the company's vice ...

David Wehner

Wikipedia
https://en.wikipedia.org › wiki › David_Wehner
Wehner is the Chief Strategy Officer (CSO) of Meta Platforms (known until 2021 as
Facebook, Inc.). David M. Wehner. Wehner (2022). Occupation, CSO of Meta ...

CFO

Facebook · CFO
7.6K+ followers
CFO. 6782 likes · 23 talking about this. CFO has published award-winning finance
journalism for executives for more than 30 years.
Rating: 5 · 27 votes

Susan Li, Chief Financial Officer

Meta
https://about.meta.com › media-gallery › executives › su...
Susan Li is chief financial officer at Meta, where she leads the finance and
facilities teams. Prior to becoming CFO, Susan served as the company's vice ...

Dave Wehner, Chief Strategy Officer

Meta
https://about.meta.com › executives › david-wehner
Prior to joining Meta, Dave served as chief financial officer of Zynga Inc. Before
Zynga, Dave was a managing director at Allen & Company, an investment bank ...

Eduardo Saverin

Wikipedia
https://en.wikipedia.org › wiki › Eduardo_Saverin
Saverin is one of the co-founders of Facebook. In 2012, he owned 53 million
Facebook shares (approximately 2% of all outstanding shares), valued ...
Qwiki · Jumio · Chalet · The Accidental Billionaires

Facebook Parent Meta Creates New Position for Its CFO

WSJ
https://www.wsj.com › articles › facebook-parent-meta-...
28 Jul 2022 — The social media giant promoted CFO David Wehner to chief strategy
officer, a rare title for former finance chiefs, according to recruiters.

CFO India

Facebook · CFO India

13.2K+ followers
CFO India. 13299 likes. CFO India is India's largest and most-read B2B magazine
aimed at CFOs and finance professionals of India.
Rating: 5 · 1 vote

Meta gets new CFO as David Wehner moves to chief ...

CNBC
https://www.cnbc.com › 2022/07/27 › meta-gets-new-c...
27 Jul 2022 — Susan Li, Meta's current vice president of finance, will be the
Facebook parent's new chief financial officer. In this article. META-11.46 ...
People also search for

Eduardo Saverin

Marne Levine

Mark Zuckerberg

Javier Olivan

Chris Cox

Adam Mosseri
Feedback
Facebook cfo salary
Facebook CFO Eduardo
First cfo of Facebook
Facebook cfo email
Facebook cfo email address
Susan Li, Meta
Susan Li Meta CFO husband
CEO of Facebook
1
2
3
4
5
6
7
8
9
10
Next
ChatGPT Sidebar
Ask ChatGPT
David Wehner
Former chief financial officer of Facebook
Credit: Getty Images/Drew Angerer
Facebook CFO: 'We had a steep decline in ad revenue in March'
Facebook Parent Meta Creates New Position for Its CFO - WSJ
Facebook CFO Wehner: New EU privacy rules could impact daily ...
More images
David M. Wehner is the Chief Strategy Officer of Meta Platforms. Wikipedia
Education: Stanford University (1990–1993), Georgetown University (1986–1990),
Saint Louis Priory School
Profiles

Facebook

Instagram

X (Twitter)

LinkedIn
People also search for

David Ebersman

Mike Schroepfer

Chris Hughes

Sheryl Sandberg
Search for David Wehner
Feedback
India
Hinjawadi Phase II, Hinjawadi Rajiv Gandhi Infotech Park, Hinjawadi, Pimpri-
Chinchwad, Maharashtra - From your device
- Update location

Chat

New Conversation

🤓 Explain a complex thing

Explain Artificial Intelligence so that I can explain it to my six-year-old child.

🧠 Get suggestions and create new ideas

Please give me the best 10 travel ideas around the world

💭 Translate, summarize, fix grammar and more…

Translate "I love you into" French

GPT-3.5
Hello, how can I help you today?

write a skills for voice process 10

Claude 3 Opus
Here are 10 essential skills for voice processing:

1. Active listening: The ability to attentively listen to the speaker, understand

their message, and respond appropriately.

2. Clear articulation: Speaking clearly and distinctly to ensure that the listener
can easily understand the message being conveyed.

3. Vocal variety: Using changes in pitch, tone, volume, and pace to make the speech
more engaging and expressive.

4. Emotional intelligence: Recognizing and understanding the emotions of the

speaker and responding with empathy and sensitivity.

5. Adaptability: Being able to adjust one's communication style to suit different

audiences, contexts, and purposes.

6. Technical proficiency: Having a good understanding of voice processing software,

tools, and techniques to enhance the quality of the voice output.

7. Attention to detail: Paying close attention to the nuances of speech, such as

pronunciation, intonation, and emphasis, to accurately convey the intended meaning.

8. Patience: Maintaining composure and remaining patient when dealing with complex
or challenging voice processing tasks.

9. Creativity: Being able to think outside the box and come up with innovative
solutions to improve voice processing outcomes.

10. Continuous learning: Staying up-to-date with the latest developments in voice
processing technology and techniques to enhance one's skills and knowledge.

only key points

Claude 3 Opus
1. Active listening
2. Clear articulation
3. Vocal variety
4. Emotional intelligence
5. Adaptability
6. Technical proficiency
7. Attention to detail
8. Patience
9. Creativity
10. Continuous learning
From a customer’s point of view, just because the service provider has a privacy
policy doesn’t necessarily guarantee the protection of the personal data. Which of
the following controls help in adhering to the customer’s privacy requirements as a
part of the project engagement? Select correct option/s.

a. USB ports are blocked in the systems so that personal data cannot be copied to
USB drives without approval.

b. A web filtering software is implemented so that employees cannot access and post
customer’s personal data on social networking sites.

c. Privacy incidents are reported and managed as per the policy.

d. Printing of the customer owned personal data is prohibited.

e. All of the above

Claude 3 Opus
The correct option is:

e. All of the above

All the controls mentioned in options a, b, c, and d contribute to adhering to the

customer's privacy requirements as part of the project engagement. Let's break down
each option:

a. Blocking USB ports prevents unauthorized copying of personal data to external

drives, reducing the risk of data leakage.

b. Implementing web filtering software restricts employees from accessing social

networking sites and posting customer's personal data, mitigating the risk of
unauthorized disclosure.

c. Reporting and managing privacy incidents according to the policy ensures that
any breaches or incidents related to personal data are properly handled and
addressed.

d. Prohibiting the printing of customer-owned personal data minimizes the risk of

physical copies being misplaced, lost, or accessed by unauthorized individuals.

All these controls work together to strengthen the protection of customer's

personal data and help in adhering to their privacy requirements throughout the
project engagement.

While at work, you get a call from someone claiming to be from Wipro HRSS team
asking for information to correct ‘inconsistencies’ in your records such as
employee number, date of birth and address. What should be the most appropriate
response from you?

a. Provide your details as these are very basic details, and will be required to
update the records

b. Do not provide any details as this a type of social engineering attack often
used to steal user data

c. None of the above

Claude 3 Opus
The most appropriate response is:

b. Do not provide any details as this a type of social engineering attack often
used to steal user data

Here's why:

1. Unsolicited calls requesting personal information should always be treated with

caution. Legitimate organizations, including your own company's HRSS team, are
unlikely to ask for sensitive personal data over the phone without prior
notification or a secure verification process.

2. Social engineering attacks often involve impersonating a trusted entity, such as

a company's HR department, to trick individuals into disclosing sensitive
information. These attacks rely on manipulating people's trust and exploiting their
willingness to help or comply with authority figures.

3. Providing personal details like your employee number, date of birth, and address
to an unverified caller can put your personal information at risk. This information
could be used for identity theft, unauthorized access to accounts, or other
malicious activities.

4. If you receive such a call, the best course of action is to refrain from
providing any information and instead contact your company's HRSS team through a
verified channel, such as an official email address or phone number, to inquire
about the legitimacy of the request and any necessary updates to your records.

Always prioritize the security of your personal information and be cautious of

unsolicited requests, especially when they involve sensitive data.

Which one of the following would be classified as sensitive personal data?

a. Address

b. Name

c. Religion

d. None of the above

Claude 3 Opus
The correct answer is:

c. Religion

Sensitive personal data is a category of personal information that requires extra

protection due to its sensitive nature and the potential for discrimination or harm
if misused. Sensitive personal data includes information related to an
individual's:

1. Race or ethnic origin

2. Political opinions
3. Religious or philosophical beliefs
4. Trade union membership
5. Genetic data
6. Biometric data (when used for identification purposes)
7. Health data
8. Sex life or sexual orientation

In this context, religion is considered sensitive personal data because it falls

under the category of religious or philosophical beliefs. This type of information
is often protected by privacy laws and regulations, such as the European Union's
General Data Protection Regulation (GDPR).
In contrast, while address and name are considered personal data, they are not
typically classified as sensitive personal data on their own. However, it's
important to note that personal data can become sensitive depending on the context
and how it is used or combined with other information.

denial meani
Claude 3 Opus
I apologize for the confusion, but "denial meani" is not a complete or meaningful
phrase. It seems like you might have intended to ask about the meaning of denial.

Denial is a concept that can have different meanings depending on the context, but
generally, it refers to the refusal to acknowledge or accept something that is true
or real. Here are a few common contexts:

1. Psychology: In psychology, denial is a defense mechanism in which a person

refuses to acknowledge a painful or uncomfortable reality, often to cope with
stress, anxiety, or trauma.

2. Law: In a legal context, denial refers to the act of asserting that an

allegation is untrue or that a claim is invalid.

3. Business: In business, denial can refer to the refusal of a request, such as

denying a loan application or an insurance claim.

4. Everyday life: In general, denial can describe a person's refusal to accept or

acknowledge a fact or situation, such as denying responsibility for a mistake or
denying the existence of a problem.

If you have a more specific question or context in mind, please feel free to
provide more information, and I'll do my best to assist you further.

Which of the following can be classified as a privacy incident?

a. Uploading the documents containing personally identifiable information and

Sensitive personally identifiable information on public internet portal such as
drop box either intentionally or inadvertently

b. Providing personally identifiable information on phone to someone without

verifying their identity

c. Loss or theft or encrypted/unencrypted laptops containing personally

identifiable information of Wipro

d. All of the above

Claude 3 Opus
The correct answer is:

d. All of the above

All the scenarios mentioned in options a, b, and c can be classified as privacy

incidents. Here's why:

a. Uploading documents containing personally identifiable information (PII) and

sensitive personally identifiable information (SPII) on public internet portals,
whether intentionally or inadvertently, exposes that information to unauthorized
access. This is a breach of privacy and can lead to potential misuse of the data.

b. Providing PII over the phone to someone without verifying their identity can
also be considered a privacy incident. The person on the other end might not be
authorized to access that information, and this can lead to a breach of privacy and
potential misuse of the data.

c. Loss or theft of laptops containing PII, whether encrypted or unencrypted, can

also be classified as a privacy incident. If the laptop falls into the wrong hands,
the data can be accessed and misused, leading to a breach of privacy.

Therefore, all the given scenarios represent situations where personally

identifiable information is exposed to potential unauthorized access, which
qualifies them as privacy incidents.

Why is privacy important to businesses? Choose the best respose

A.It enhances trust among the business stakeholders

B.In many countries, Privacy is an important right for individuals

C.It is a regulatory requirement across geographies

D.All of the above

Claude 3 Opus
The best response is:

D. All of the above

Privacy is important to businesses for multiple reasons, including all the options
mentioned:

A. It enhances trust among the business stakeholders: When businesses prioritize

privacy and protect the personal information of their customers, employees, and
partners, it builds trust and confidence among these stakeholders. This trust is
essential for maintaining long-term relationships and ensuring the success of the
business.

B. In many countries, privacy is an important right for individuals: Many countries

recognize privacy as a fundamental human right and have laws and regulations in
place to protect individuals' privacy. Businesses operating in these countries must
respect and uphold these rights to maintain compliance and avoid legal
consequences.

C. It is a regulatory requirement across geographies: Privacy regulations, such as

the General Data Protection Regulation (GDPR) in the European Union and various
other data protection laws around the world, require businesses to implement
appropriate measures to protect personal data. Failure to comply with these
regulations can result in significant fines and reputational damage.

In summary, privacy is important to businesses because it helps build trust among

stakeholders, respects individuals' rights, and ensures compliance with regulatory
requirements across different geographies. All these factors contribute to the
overall success and sustainability of a business.

Wipro has recently signed a deal with a leading hospital in Europe to develop, host
and maintain an application that processes patient healthcare records. Which of the
following can be a privacy risk to this project?

a. The transfer of data will always be secured using a strong encryption

b. Wipro will engage a vendor to build and host this application on a Cloud
platform. However, the exact location of the data storage will not be known and
Wipro will not have the right to audit this vendor

c. Production data will never be used in the test environment. Only dummy data or
masked data will be used for testing purposes

d. There will be a designated compliance focal assigned to this project to ensure

compliance with customer’s data privacy requirements
Claude 3 Opus
The correct answer is:

b. Wipro will engage a vendor to build and host this application on a Cloud
platform. However, the exact location of the data storage will not be known and
Wipro will not have the right to audit this vendor

This scenario poses a privacy risk to the project for the following reasons:

1. Unknown data storage location: If Wipro does not know the exact location where
the patient healthcare records will be stored, it raises concerns about the legal
jurisdiction and data protection laws applicable to that location. Different
countries have varying data privacy regulations, and not knowing the storage
location makes it difficult to ensure compliance with the relevant laws.

2. Lack of audit rights: Without the right to audit the vendor, Wipro cannot verify
if the vendor is implementing appropriate security measures to protect the patient
data. This lack of transparency and control over the vendor's practices increases
the risk of data breaches, unauthorized access, or misuse of sensitive healthcare
information.

The other options mentioned do not pose significant privacy risks:

a. Using strong encryption for data transfer is a good security practice and helps
protect data privacy during transmission.

c. Using dummy or masked data in the test environment instead of production data is
a recommended practice to protect sensitive information and maintain data privacy
during testing and development phases.

d. Assigning a designated compliance focal to ensure compliance with the customer's

data privacy requirements is a proactive measure to mitigate privacy risks and
maintain adherence to agreed-upon privacy standards.

How can risks to privacy be minimized while collecting personal data?

a. Collecting only the personal data that is necessary for the defined business
purpose

b. Collecting data through an organization’s web server

c. Using a third party to collect and store data

d. Aggregating personal data upon collection

Claude 3 Opus
The correct answer is:

a. Collecting only the personal data that is necessary for the defined business
purpose

To minimize risks to privacy while collecting personal data, it is crucial to

adhere to the principle of data minimization. This means that organizations should
only collect personal data that is strictly necessary for the specific and
legitimate business purpose. Collecting excessive or irrelevant personal data
increases the risk of privacy breaches and can be seen as a violation of privacy
rights.

Here's why the other options are not the most effective ways to minimize privacy
risks:

b. Collecting data through an organization's web server does not inherently

minimize privacy risks. While it may provide some level of control over the data
collection process, it does not address the fundamental principle of collecting
only necessary data.

c. Using a third party to collect and store data can potentially increase privacy
risks if proper due diligence, contractual agreements, and oversight are not in
place. Entrusting personal data to a third party requires ensuring that they have
robust security measures and comply with relevant data protection regulations.

d. Aggregating personal data upon collection may help protect individual privacy to
some extent by combining data from multiple individuals. However, it does not
necessarily minimize privacy risks if the collected data is still excessive or not
essential for the defined purpose.

To effectively minimize privacy risks, organizations should:

1. Clearly define the specific business purpose for collecting personal data
2. Evaluate what personal data is truly necessary to achieve that purpose
3. Limit the collection of personal data to only what is required
4. Be transparent about the data collection practices and obtain appropriate
consent from individuals
5. Implement strong security measures to protect the collected data from
unauthorized access or breaches.

The options provided below contain both personal and sensitive personal data
attributes. Select the option which contains sensitive personal data attributes
along with personal data attributes.

a. Name, Age, Gender, Date of Birth

b. Employee ID, Cost Center, Home Address, E-mail Address

c. Employee ID, Religion, Blood Group, Date of Birth

d. Geo-Location, Phone Number, Emergency Contact Details, Passport Number

Claude 3 Opus
The correct answer is:

c. Employee ID, Religion, Blood Group, Date of Birth

This option contains both personal data attributes (Employee ID and Date of Birth)
and sensitive personal data attributes (Religion and Blood Group).

Sensitive personal data is a subset of personal data that requires additional

protection due to its sensitive nature and the potential for significant harm or
discrimination if misused. Sensitive personal data typically includes information
related to:

1. Race or ethnic origin

2. Political opinions
3. Religious or philosophical beliefs
4. Trade union membership
5. Genetic data
6. Biometric data (when used for identification purposes)
7. Health data
8. Sex life or sexual orientation

In the given option, "Religion" and "Blood Group" are considered sensitive personal
data. Religion is explicitly mentioned as sensitive data, while Blood Group is a
type of health data, which falls under the sensitive category.

The other options contain personal data attributes but do not include any sensitive
personal data:

a. Name, Age, Gender, Date of Birth are all personal data attributes.
b. Employee ID, Cost Center, Home Address, E-mail Address are personal data
attributes.
d. Geo-Location, Phone Number, Emergency Contact Details, Passport Number are
personal data attributes.

It's important to note that the classification of sensitive personal data may vary
slightly depending on the specific laws and regulations of different countries or
regions. However, the categories mentioned above are generally considered sensitive
personal data under most data protection frameworks, such as the European Union's
General Data Protection Regulation (GDPR).

Which of the following is a correct statement about personal data?

a. A personal data is any information that can be used on its own, or in

combination with other information, to identify an individual

b. Personal data is any information that relates to a group where individual

members of the group cannot be recognized

c. Personal data is any information that identifies an individual, either living or

dead
Claude 3 Opus
The correct statement about personal data is:

a. A personal data is any information that can be used on its own, or in

combination with other information, to identify an individual

This statement accurately describes the concept of personal data. Personal data
refers to any information that can be used to directly or indirectly identify a
specific living individual. This information can be used on its own or in
combination with other pieces of information to single out an individual.

Examples of personal data include:

- Name
- Address
- Email address
- Phone number
- Date of birth
- Social security number
- IP address
- Biometric data (e.g., fingerprints, facial recognition)

Option b is incorrect because personal data is not limited to information that

relates to a group. Even if the information relates to a group, if it can be used
to identify specific individuals within that group, it is still considered personal
data.

Option c is partially incorrect because personal data only relates to living

individuals. Information about deceased persons is not considered personal data
under most data protection laws, such as the European Union's General Data
Protection Regulation (GDPR). However, some countries or regions may have specific
laws that extend data protection to deceased individuals for a certain period after
their death.

In summary, personal data is any information that can be used, either directly or
indirectly, to identify a living individual, whether used alone or in combination
with other information.

Your laptop is stolen from your home during a burglary. You are not aware of any
personal data stored on your laptop. What action do you need to take?

a. Follow Wipro’s Security and Privacy Incident Management procedures to report the
loss immediately

b. Keep quiet

c. Call your manager and ask her what to do

d. Wait for a few days and report it to the police

Claude 3 Opus
The correct action to take in this situation is:

a. Follow Wipro's Security and Privacy Incident Management procedures to report the
loss immediately

When a laptop or any other device that may contain company information is stolen,
it is crucial to report the incident as soon as possible, even if you are unsure
whether there was any personal data stored on the device. Prompt reporting allows
the organization to assess the potential risk and take appropriate measures to
mitigate any potential data breach or security issues.

Reasons why the other options are incorrect:

b. Keep quiet - This is not an appropriate response. Failing to report a stolen

device can put the organization at risk and may violate company policies and data
protection regulations.

c. Call your manager and ask her what to do - While informing your manager is a
good step, the primary action should be to follow the company's established
Security and Privacy Incident Management procedures. These procedures are designed
to ensure a proper response to such incidents.

d. Wait for a few days and report it to the police - Delaying the reporting of a
stolen device is not advisable. The organization needs to be informed promptly to
assess the risk and take necessary actions. Reporting to the police is important,
but it should be done in parallel with following the company's incident management
procedures.

In summary, the best course of action is to immediately follow Wipro's Security and
Privacy Incident Management procedures, which are designed to handle such incidents
effectively and minimize potential risks to the organization and its data.
How can we prevent tailgating?

Train employees in physical security

Familiarize emplyees with social engineering

Inprove physical access security

All of the above

Claude 3 Opus
The correct answer is:

All of the above

Tailgating, also known as piggybacking, is a security breach that occurs when an

unauthorized person follows an authorized person into a restricted area. To prevent
tailgating, a combination of measures should be implemented:

1. Train employees in physical security: Educate employees about the importance of

physical security and the risks associated with tailgating. Teach them to be
vigilant and to challenge any unfamiliar person attempting to enter a restricted
area without proper authorization.

2. Familiarize employees with social engineering: Tailgating often involves social

engineering techniques, where an attacker may try to manipulate or trick employees
into granting them access. Training employees to recognize and respond
appropriately to social engineering attempts can help reduce the risk of
tailgating.

3. Improve physical access security: Implement strong physical access controls,

such as:
- Requiring employees to use individual access cards or biometric authentication
to enter restricted areas
- Installing turnstiles or mantraps that allow only one person to enter at a
time
- Implementing visitor management systems to track and control visitor access
- Using security cameras and monitoring systems to detect and respond to
tailgating attempts

By combining employee training, awareness of social engineering tactics, and robust

physical access security measures, organizations can significantly reduce the risk
of tailgating and enhance their overall security posture.

Only ________ will be allowed inside ODC

Snacks, fruits, vegetables

Sweets, Prasad

Drinking Water

None of the above

Claude 3 Opus
The correct answer is:

Drinking Water

In most Offshore Development Centers (ODCs) or secure work environments, there are
strict restrictions on what employees can bring inside the premises. These
restrictions are put in place to maintain a clean, safe, and secure working
environment, as well as to protect sensitive information and equipment.

Typically, the following rules apply:

1. Snacks, fruits, and vegetables are usually not allowed inside the ODC to prevent
food debris, smells, and potential pest infestations that could damage equipment or
create an unpleasant working environment.

2. Sweets and prasad (religious offerings) are also not permitted for similar
reasons, as they can attract pests and create a mess in the workspace.

3. However, drinking water is usually allowed and even encouraged inside the ODC.
Staying hydrated is essential for employees' health and well-being, and it is
unlikely to cause any damage to the equipment or compromise the cleanliness of the
workspace.

Therefore, among the given options, only drinking water is typically allowed inside
an ODC.

Carrying unauthorized devices such as Personal Laptop, Smart Watch and other
removable storage devices inside ODC is officially allowed. Yes or No?

May be

Yes

No

None of the above

Claude 3 Opus
The correct answer is:

No

In an Offshore Development Center (ODC) or any secure work environment, carrying

unauthorized devices such as personal laptops, smartwatches, and removable storage
devices is strictly prohibited. This policy is enforced to maintain the security
and confidentiality of sensitive information and to prevent data breaches or leaks.

Here's why the other options are incorrect:

1. "May be" is not a definitive answer and does not align with the standard
security practices in ODCs.

2. "Yes" is incorrect because allowing personal devices in a secure work

environment would compromise security and increase the risk of data breaches.

3. "None of the above" is also incorrect since "No" is the correct answer among the
given options.

ODCs have strict security protocols in place to protect their clients' data and
intellectual property. Employees are provided with company-issued devices that are
configured with necessary security measures and are subject to regular monitoring
and auditing. Personal devices are not allowed as they can introduce
vulnerabilities and make it difficult for the company to control and monitor data
access and usage.

Employees are allowed to escort guests into the ODC without prior approval in place
will be consider as?

Email Policy violation

Floor Policy violation

Internet usage violation

None of the above

Claude 3 Opus
The correct answer is:

Floor Policy violation

In an Offshore Development Center (ODC), allowing employees to escort guests into

the premises without prior approval is considered a violation of the floor policy.
Here's why:

1. ODCs have strict access control measures in place to ensure that only authorized
personnel can enter the premises. This is crucial for maintaining the security and
confidentiality of client data and intellectual property.

2. Guests, including visitors, contractors, or employees from other departments,

must go through a formal approval process before being granted access to the ODC.
This process typically involves submitting a request, obtaining necessary
approvals, and providing valid identification.

3. Escorting unauthorized guests into the ODC bypasses these security measures and
can potentially expose sensitive information to individuals who have not been
vetted or cleared for access.

The other options are incorrect because:

1. "Email Policy violation" refers to improper use of email communication and is

not directly related to physical access control.

2. "Internet usage violation" pertains to the misuse of internet resources and does
not apply to escorting guests into the ODC.

3. "None of the above" is also incorrect since "Floor Policy violation" is the most
appropriate answer among the given options.

Violating the floor policy by escorting unauthorized guests into the ODC can lead
to disciplinary action, as it compromises the security and integrity of the work
environment. Employees must adhere to the established access control procedures and
obtain necessary approvals before bringing any guests into the ODC.

Personal breaks allowed in a shift should not exceed to the maximum of

30 minutes

60 minutes

90 minutes

120 minutes
Claude 3 Opus
The correct answer to the question "Personal breaks allowed in a shift should not
exceed to the maximum of" is typically:
60 minutes

In most workplaces, the total duration of personal breaks allowed during a shift
should not exceed 60 minutes. Here's why:

1. Labor laws and company policies often stipulate that employees are entitled to a
certain number of breaks during their work hours, depending on the length of their
shift.

2. For a standard 8-hour shift, employees are usually allowed two 15-minute breaks
(one in the first half of the shift and another in the second half) and a 30-minute
meal break. This adds up to a total of 60 minutes of personal break time.

3. Exceeding 60 minutes of personal breaks in a shift can lead to decreased

productivity, as employees spend too much time away from their work
responsibilities.

The other options are incorrect because:

1. 30 minutes is usually insufficient for the total personal break time allowed in
a shift, as it does not account for the standard meal break.

2. 90 minutes and 120 minutes are excessive amounts of personal break time for a
regular shift and would significantly reduce an employee's work hours and
productivity.

It is essential for employees to adhere to the designated break times to maintain a

healthy work-life balance, ensure productivity, and comply with labor laws and
company policies. Managers should also make sure that their team members are taking
the appropriate number and duration of breaks during their shifts.

At no point of time, allocated work should be left midway or incomplete without

informing the Supervisor. Any challenge on completion of work should be addressed
to the Supervisor immediately and should not wait till end of the day. Yes or No?

Yes

No
Claude 3 Opus
Yes

The statement "At no point of time, allocated work should be left midway or
incomplete without informing the Supervisor. Any challenge on completion of work
should be addressed to the Supervisor immediately and should not wait till end of
the day." is correct.

Here's why:

1. Communication: Keeping your supervisor informed about the progress of your work
and any challenges you face is crucial for effective communication and problem-
solving. By immediately addressing issues, your supervisor can provide guidance,
support, or resources to help you complete your tasks efficiently.

2. Productivity: Leaving work incomplete or midway without informing your

supervisor can lead to delays in the overall workflow and affect the productivity
of the entire team. Timely communication ensures that your supervisor can adjust
priorities, redistribute work, or provide assistance to keep the project on track.
3. Accountability: As an employee, it is your responsibility to complete assigned
tasks within the given timeframe. Informing your supervisor about any challenges or
delays demonstrates your accountability and commitment to your work.

4. Problem-solving: Waiting until the end of the day to address challenges can lead
to missed opportunities for timely intervention and problem-solving. By bringing
issues to your supervisor's attention immediately, you can collaborate to find
solutions and prevent minor problems from escalating into major ones.

In summary, it is always best to keep your supervisor informed about your work
progress and any challenges you encounter, as it promotes effective communication,
maintains productivity, ensures accountability, and enables timely problem-solving.

Employees are allowed from installing or downloading any software from the office
internet? Yes or No?

Yes

No

May be
Claude 3 Opus
No

Employees should not be allowed to install or download any software from the office
internet without proper authorization. Here's why:

1. Security risks: Downloading software from untrusted sources or installing

unauthorized programs can introduce security vulnerabilities, malware, or viruses
into the company's network. This can compromise sensitive data, lead to data
breaches, or cause system failures.

2. Licensing and legal issues: Many software applications require proper licensing
for commercial use. Installing unlicensed or pirated software can put the company
at risk of legal action and financial penalties.

3. Compatibility and performance: Unauthorized software may not be compatible with

the company's existing systems, leading to performance issues, conflicts, or system
instability. This can affect productivity and cause disruptions in the workflow.

4. Network bandwidth and resource consumption: Downloading large software files can
consume significant network bandwidth and slow down internet speeds for other
users. Additionally, unauthorized software may consume system resources, affecting
the performance of other critical applications.

5. Maintenance and support: IT departments are responsible for maintaining and

supporting the company's software and systems. Unauthorized software installations
can increase the workload for IT staff, as they may need to troubleshoot issues or
remove problematic programs.

To mitigate these risks, companies should establish clear policies and procedures
regarding software installations and downloads. Employees should be required to
obtain approval from the IT department or their supervisors before installing any
software on their work devices. This ensures that only authorized, licensed, and
secure software is used within the organization.

Which of the item is not a policy violation?

Tailgating
Shoulder Surfing

Proving incorrect TAT/timelines to customers

Wearing ID cards as per policy

Claude 3 Opus
Wearing ID cards as per policy is not a policy violation.

Explanation:
1. Tailgating: This refers to an unauthorized person following an authorized person
through a secure access point, such as a door or gate, without properly
authenticating themselves. Tailgating is a security breach and violates most
security policies.

2. Shoulder Surfing: This involves someone attempting to gather confidential

information by looking over another person's shoulder while they are working on a
computer, entering a password, or viewing sensitive documents. Shoulder surfing is
a privacy violation and goes against information security policies.

3. Providing incorrect TAT/timelines to customers: TAT stands for "turnaround

time." Providing incorrect information about turnaround times or project timelines
to customers is a form of misrepresentation and violates policies related to honest
communication and customer service.

4. Wearing ID cards as per policy: This is the only item in the list that is not a
policy violation. In fact, most organizations require employees to wear their
identification cards visibly while on company premises. Wearing ID cards helps
maintain security, ensures only authorized personnel have access to specific areas,
and allows for easy identification of employees. Adhering to the company's ID card
policy is a good practice and does not constitute a violation.

What is Data Fudging?

Sending emails to unauthorized person

Updating Production Tracker with incorrect numbers

Accessing card to unauthorized floor

Sending customer details to personal maid id

Claude 3 Opus
Data Fudging refers to updating the Production Tracker with incorrect numbers.

Explanation:
1. Sending emails to unauthorized person: This action violates data privacy and
confidentiality policies by sharing information with individuals who do not have
the necessary permissions or clearance. However, it is not an example of data
fudging.

2. Updating Production Tracker with incorrect numbers: This is the correct

definition of data fudging. Data fudging involves intentionally entering false,
misleading, or manipulated data into a system, report, or tracker. By updating the
Production Tracker with incorrect numbers, an individual is misrepresenting the
actual production figures, which can lead to inaccurate reporting, wrong decision-
making, and a lack of trust in the data.

3. Accessing card to unauthorized floor: This refers to using an access card to

enter a restricted area or floor without proper authorization. While this action
violates security policies, it does not involve manipulating or falsifying data
and, therefore, is not considered data fudging.

4. Sending customer details to personal email id: Similar to sending emails to

unauthorized persons, this action breaches data privacy and confidentiality
policies. Sending sensitive customer information to a personal email account is a
serious violation but does not fall under the definition of data fudging.

In summary, data fudging specifically refers to the act of intentionally entering

incorrect or manipulated data into a system or report, such as updating the
Production Tracker with false numbers.

Time on Floor (TOF) is expected to be?

7 hours and 30 minutes

8 hours and 30 minutes

9 hours and 30 minutes

10 hours and 30 minutes

Claude 3 Opus
The expected Time on Floor (TOF) is 9 hours and 30 minutes.

Explanation:
Time on Floor (TOF) is a metric used in various industries, especially in
manufacturing and customer service, to measure the amount of time an employee
spends actively working on the production floor or attending to customers.

In most standard work environments, the typical workday consists of 8 hours.

However, this includes breaks, such as lunch breaks or short rest periods. TOF
specifically refers to the time spent actively working, excluding these breaks.

Assuming a 30-minute lunch break and two 15-minute rest breaks during a standard 8-
hour workday, the expected TOF would be calculated as follows:

Total workday: 8 hours (480 minutes)

Lunch break: 30 minutes
Rest breaks: 2 x 15 minutes = 30 minutes
TOF = Total workday - (Lunch break + Rest breaks)
TOF = 480 minutes - (30 minutes + 30 minutes)
TOF = 480 minutes - 60 minutes
TOF = 420 minutes (7 hours)

Therefore, the expected TOF in a standard 8-hour workday with a 30-minute lunch
break and two 15-minute rest breaks is 7 hours.

However, in some industries or companies, the workday may be longer, such as 9

hours and 30 minutes, to accommodate additional breaks or to meet production
requirements. In such cases, the TOF would be adjusted accordingly.

Given the options provided in the question, the expected Time on Floor (TOF) is 9
hours and 30 minutes.

I can leave my desk unlocked if I am solving the queries for my peer who is working
on the same project

Yes. Since same project, that's fine

Yes. We are inside secured ODC

No. Always lock your workstation if you step out

Yes. All are Wipro employees. We can trust them.

Claude 3 Opus
No, you should always lock your workstation if you step out, even if you are
helping a peer who is working on the same project.

Explanation:
Locking your workstation when you leave your desk is a crucial security practice
that should be followed consistently, regardless of the circumstances. Here are the
reasons why:

1. Data protection: Locking your workstation ensures that sensitive information,

such as project data, client information, or personal files, remains secure and
inaccessible to unauthorized individuals.

2. Compliance with security policies: Most companies, including Wipro, have strict
security policies that require employees to lock their workstations when leaving
their desks. Failing to do so may be considered a violation of these policies.

3. Preventing accidental or intentional misuse: Even if you trust your colleagues,

leaving your workstation unlocked exposes it to potential misuse, whether
accidental or intentional. Someone might inadvertently access sensitive files or
make unintended changes to your work.

4. Maintaining accountability: By locking your workstation, you ensure that you are
solely responsible for the actions performed under your user account. If your
workstation is left unlocked and someone else uses it, it may be difficult to trace
any unauthorized activities back to the responsible individual.

5. Protecting against external threats: In some cases, unauthorized individuals,

such as visitors or contractors, may gain access to the office. Locking your
workstation adds an extra layer of protection against potential external threats.

While it is important to collaborate and assist your peers, it should not come at
the expense of compromising security best practices. Always lock your workstation
when you step away, and if necessary, you can log back in to help your colleague
once you return to your desk.

What will be your course of action when confidential information are no longer
needed?

Keep it on the desk

Carry to your home

Shred or properly dispose

None of the above

Claude 3 Opus
The correct course of action when confidential information is no longer needed is
to shred or properly dispose of it.

Explanation:
When confidential information is no longer required, it is essential to dispose of
it securely to prevent unauthorized access and potential data breaches. Shredding
or properly disposing of the documents ensures that the information is destroyed
and cannot be reconstructed or misused by others.

Here's why the other options are incorrect:

1. Keep it on the desk: Leaving confidential information on your desk, even if it

is no longer needed, poses a significant security risk. Others may inadvertently or
intentionally access the information, leading to a breach of confidentiality.

2. Carry it to your home: Taking confidential information home is not an

appropriate way to dispose of it. It increases the risk of the information being
lost, stolen, or accessed by unauthorized individuals outside the office
environment.

3. None of the above: This option suggests that no action is required, which is
incorrect. Failing to properly dispose of confidential information can lead to data
breaches and non-compliance with data protection regulations.

Proper disposal methods for confidential information include:

1. Shredding: Using a cross-cut shredder to destroy paper documents, ensuring that

the information cannot be reconstructed.

2. Secure disposal bins: Placing confidential documents in designated secure

disposal bins that are regularly collected and destroyed by a trusted third-party
service provider.

3. Electronic data destruction: Using secure data erasure methods to permanently

delete confidential information stored on electronic devices, such as hard drives
or USB drives.

Always follow your organization's policies and guidelines for disposing of

confidential information, and when in doubt, consult with your manager or the
information security team for guidance.

Writing down passwords on paper, electronic medium like system hard disks, shared
folders and SharePoint or any other medium will be considered as?

Taigating

Password Sharing

Phishing

Shoulder Surfing
Claude 3 Opus
Writing down passwords on paper, electronic media like system hard disks, shared
folders, SharePoint, or any other medium is considered password sharing.

Explanation:
Password sharing refers to the practice of sharing or disclosing passwords to
others, either intentionally or unintentionally. Writing down passwords on any
medium, whether it's paper or electronic, is a form of password sharing because it
makes the passwords accessible to anyone who can find or access that medium.

Here's why the other options are incorrect:

1. Tailgating: Tailgating, also known as "piggybacking," is a physical security

breach where an unauthorized person follows an authorized person into a restricted
area without proper authentication.
2. Phishing: Phishing is a social engineering technique used by cybercriminals to
trick individuals into revealing sensitive information, such as passwords or
financial information, typically through fraudulent emails or websites.

3. Shoulder surfing: Shoulder surfing is a technique used to obtain sensitive

information, such as passwords or PIN numbers, by looking over someone's shoulder
while they are typing or entering the information.

Password sharing is a serious security risk because it compromises the

confidentiality and integrity of the password-protected information. When passwords
are written down or stored in unsecured locations, they become vulnerable to
unauthorized access, theft, or misuse.

To maintain password security, it is essential to follow best practices:

1. Memorize passwords instead of writing them down.

2. Use strong, unique passwords for each account or system.
3. Enable multi-factor authentication whenever possible.
4. Use a secure password manager to store and manage passwords if necessary.
5. Regularly update and change passwords, especially if there is a suspicion of
compromise.

Organizations should have clear policies and guidelines regarding password

management and should educate employees about the risks of password sharing and the
importance of maintaining password confidentiality.

Time in Office (TIO) should be maintained as per required norms of?

8 hours and 30 minutes

9 hours and 30 minutes

10 hours and 30 minutes

None of the above

Claude 3 Opus
Based on common work practices and labor laws in many countries, the required norms
for Time in Office (TIO) or working hours per day is typically 8 hours and 30
minutes.

This standard workday duration includes:

1. 8 hours of work time

2. 30 minutes of break time (often divided into a 15-minute morning break and a 15-
minute afternoon break)

The 8-hour workday has been a standard practice since the early 20th century and is
still widely followed in many countries. Some organizations may have slightly
different policies, but 8 hours and 30 minutes is a common norm.

The other options mentioned:

1. 9 hours and 30 minutes

2. 10 hours and 30 minutes

These longer workday durations are not as common and may not align with standard
labor practices or regulations in most cases. However, some industries, such as
healthcare or specific roles like consultants or investment bankers, might have
different norms based on their unique work requirements and cultures.

It's essential for organizations to adhere to local labor laws and regulations
regarding working hours, overtime, and breaks to ensure a fair and compliant work
environment. Employees should also be aware of their rights and the applicable
labor laws in their country or region.

coin image
∞
Upgrade

ChatGPT Sidebar
Ask ChatGPT
Complementary results

Make a Review & Earn Credit ❤

Chat
Ask
Search
Write
Image
ChatPDF
Vision
Full Page
Invite & Earn