Computer Security

Information security should be considered during the planning phase of the SDLC. If you discover a vulnerability in an internal application, you should report it to ISG via the Security Incident Portal. Passwords should meet the user password policy of being at least 8 characters with mixed case and special characters. Credentials should never be shared with anyone, even managers, due to security and policy violations.

Uploaded by

Yamini S

1. Information Security has to be considered in which phase of the Software Development Life Cycle (SDLC)?

a. Development
b. Testing
c. Planning
d. All of the above ✓

Correct Answer

Secure Software Development Life Cycle shall be incorporated while programming the software, which will help to inculcate information security from the initial stages of development and help to secure information from unauthorized personnel. It is a far better practice to integrate security across the SDLC to help discover and reduce vulnerabilities early and effectively, building security in.

2. Your colleague tells you about a vulnerability in one of the internal applications of Infosys due to which one can access the personal information of Infoscions. What will you do?

a. Exploit the security loophole to try and find out the confidential information about other Infoscions
b. Post the details on an online hacking forum to get help on how to best exploit the vulnerability.
c. Post it in Infosys Yammer to warn fellow Infoscions from using the application
d. Report it to ISG via AHD (Advanced Helpdesk)/global helpdesk/email

Correct Answer

Whenever you come across a security weakness on an Infosys system/network, you should report it immediately on the Security Incident Portal (Sparsh->Units at Infosys->Information Security Group->Report a Security Incident) so that actions

3. Which of the following passwords meets Infosys password requirements and would also be easy to remember?

a. Infy@123
b. 1HGKSLN&
c. InFy4Evr$
d. Both b & c
e. Both a and c

Correct Answer

For creating a Strong password, follow the User password policy: At least 8 characters in length, mixed case wherever possible. Include at least two digits or punctuation characters. Note: Options used here should not be used as passwords and passwords should be kept confidential

4. You need to go on an emergency leave. Since you are working on a critical task, your manager seeks your credentials to avoid impact of services to the client in your absence. What action would be most appropriate to ensure security and continuity of services so that client deliverables are not impacted?

a. You will refuse to share the password and assure your manager that you can be reached over a call to obtain the credentials in case of any urgent deliverables
b. You will inform your manager that this will amount to a violation. Alternatively, client approval can be obtained for creation of an alternate user ID with similar privileges for another team member to ensure continuity of deliverables
c. You will not share your credentials with anyone under

Incorrect Answer

Passwords should not be shared with anyone under any circumstances, even with the intention of meeting a deadline. Sharing passwords and compelling others to do so, is a serious violation of policy that can result in

5. You accidentally find appraisal information of your team mate in the project shared folder. What would you do?

a. You probe further to see how your team mate has been rated
b. You take a screenshot of the data and email it to your team mate to confirm if this is really his rating
c. Log an AHD (Advanced Help Desk) request with CCD (Computers and Communication Division) to rectify the issue
d. You delete the data to ensure it is not misused
e. You promptly notify your manager about this unwarranted access to ensure timely remediation of the issue

Incorrect Answer

Though the appraisal data is in a shared folder, it is confidential and not public information. Bring it to the notice of your manager immediately for rectification.

6. You come across a very useful and free reporting utility which can be easily downloaded from the Internet to create useful and appealing reports for your project. Will you go ahead and install it?

a. Yes, only if there is a valid business justification
b. Yes, only if you are a JL7 and above
c. No, since this could lead to downloading of malware. Instead you can check an alternative utility in the software house or raise a request in Software Security Validation Portal (SSVP) portal for a manager approved exception.
d. Yes, as you plan to only use for the trial period

Correct Answer

Downloading of software from the Internet could result in malware infection and propagation within the company network. Software must be downloaded from the authorized software available in the in-house Software Center. Further,

7. During a client audit, the external auditor asks for your credentials. What would be your response?

a. Share it, else it will be recorded as a Non Conformance
b. Politely decline it, as safeguarding your password is your responsibility and passwords should not be shared with anyone under any circumstances
c. Since the auditing agency would have signed an NDA (Non-Disclosure Agreement) with Infosys before the audit, it is permitted to share as long as it is changed immediately after the audit
d. Obtain written approval from client and your manager before sharing the credentials

Correct Answer

As per Infosys Password policy, passwords should not be shared with anyone irrespective of the situation and position, hence politely decline.

8. As per Infosys policies, can username and password be hardcoded in source code?

a. Yes
b. No
c. Depends on the criticality of the project
d. Yes, with client approvals

Correct Answer

Passwords shall never be hard coded into code, scripts etc. as it could be misused by malicious actors to hijack systems and network.

9. Match the malware to its correct properties

a. Worm - Self replicating and independent malware; Virus - Tracks user activities and steals information; Trojan - Automatically displays advertisements; and Ransomware - Needs user to launch the file
b. Worm - Self replicating and independent malware; Virus - Needs user to launch the file; Trojan - Disguises as a useful program to trick users to download malware;

Correct Answer

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. A computer virus is a type

10. What is the most suitable MS Azure Information Protection (AIP) label while sharing a presentation with client names and future project details with your Manager?

a. Use AIP (Azure Information Protection) label 'Confidential' and select appropriate permissions by opting for a suitable sub level
b. Use AIP (Azure Information Protection) label 'Internal' and select appropriate permissions by opting for a suitable sub level
c. Use AIP (Azure Information Protection) label 'Critical' and select appropriate permissions by opting for a suitable sub level
d. Use AIP (Azure Information Protection) label 'Restricted' and select appropriate permissions by opting for a suitable sub level

Correct Answer

MS Azure Information Protection (AIP) is the tool used to classify the information depending on the sensitivity of the information. AIP has four labels configured as per Infosys Classification Policy internal - Public, Internal, Confidential and Highly Confidential. There are further sub labels such as 'Company wide', 'Custom permissions' and 'Audited but not protected' to ensure appropriate protection is enabled for data. Client and project details can be considered as Confidential data and must be suitably protected by AIP

11. You receive a call from an unknown number telling you that your debit card has been blocked and you must verify your debit card and other personal details for it to be reactivated. What is this type of social engineering attack called?

a. Spear Phishing
b. Smishing
c. Vishing
d. Baiting

Incorrect Answer

There are different types of Social Engineering attacks. Spear Phishing attacks are more targeted phishing attacks, Smishing is SMS based phishing, Vishing is attackers using phone calls to trick victims into handing over data and Baiting is attackers setting up traps such as USB drives, free download offers to entice users.

12. Does Infosys have the right to monitor, investigate and wipe the corporate data from personal devices/BYOD (Bring Your Own Device) in scenarios like loss of device etc. as per Acceptable usage policy?

a. Yes
b. No
c. Varies from case to case

Correct Answer

Infosys grants its employees the privilege of using smartphones at work for their convenience. As per Infosys policy, in order to prevent unauthorized
