Data Privacy and Compliance MCQ

Hello friends, in this post we are going to discuss about Data Privacy and Compliance Multiple choice questions | Data Privacy and Compliance Objective type questions | Data Privacy and Compliance MCQ | Data Privacy and Compliance Infosys Question Answer | Data Privacy and Compliance Infosys Dumps

Q1.What is timeline for a controller to report data breach to the supervisory authority under GDPR?

ANS – Without undue delay, but not later than 72 hours after becoming aware of it

Q2.What is true for PIA (Privacy impact assessment)?

A.Obligation of client(Controller) to intiate PIAs

B.Infosys role is to assist clients in their PIAs typically done when high risk data of individuals is processed

D. All of these

Ans: d

Q3.Viewing is considered as one of the types of Processing?


Q4.Which tool is used to certify compliance at Org level

A. Compliance Tracking System (CTS)
C. Sparsh
D. Harmony

Ans: A

Q5.What s the evidence for Records of Processing (RoP) m Infosys

C. ROP Sheet

D. All of these

Ans: D

Q6.What is Privacy?

ANS – Privacy is about providing an individual the knowledge and ability to exercise discretion on what information about collected and used in what manner and disclosed with whom

Q7.Who is a Data Subject?

A. The data subject is a living individual to whom personal data relates

B. Entity that determines the means and purpose of processing of personal data

C. Entity that processes personal data on behalf of a data controller

D. All of these

Ans: D

Q8.Privacy Breach should be notified to which department within the stipulated timeframe

A. Data Privacy Office (DPO) via AHD
D. Infosys Management

Ans: A

Q9.Which one of the below is considered as Pll?

A. Date of Birth
B. Website visit logs
C. Photograph
D. All the above

Ans: C

Q10.Which one of the below is considered as SPI?

A. Name
B. Biometric Data
C. Age

D.Telephone Number

Ans: B

Q11.What is the maximum fine for GDPR non-compliance?

ANS – 20m or 4% global turnover

Q12.Data transfer agreement (DTA) is not mandatory for the accounts which process

ANS – False

Q13.Client outsources to Vendor A Work involves processing of personal data Vendor A further outsources processing of personal data in Vendor B location. Identify role of each party.

ANS – client-controller; vendor A – Processor; Vendor B – Sub-Processor

Q14.How to identify a phishing email?

a. Unknown sender
b. Suspicious attachments/hyperlinks
c. Type errors
d. [External Email] tag
e. All of the above

Ans: E

Q15.You received a phishing email. What is/are the unacceptable practice/s you should refrain from/NOT do?

a. Click on URL mentioned in the email which will direct you to a phishing website.
b. Provide official or personal information.
c. Open suspicious attachment.
d. Forward or colleagues. share suspicious/spam email to your
e. All of the above

Ans: E

Q16.What is/are the acceptable practice/s when it comes to reporting phishing email?

a. Send the suspicious email to your manager, so that your manager will take this ahead
b. Send the suspicious email to ‘’ for further investigation
c. Send the suspicious email to ISG by reporting it to ‘’ for further investigation
d. Send the suspcious email directly from your Outlook using ‘Report Message’ further investigation
e. Both b and d

Ans: E

Q17.Which one of these statements Is correct?

a. You get an email with links embedded in it and prompting you to click &. submit information. It is okay to click the links in case you have anti virus protection.
b. You can trust an email that comes from a client if it uses the client’s logo & contains at least one fact about the client that you know to be true.
c. If you get a message from a colleague who needs your network password, you should never give it out unless the colleague says it’s an emergency.
d. If you get an email from Human Resources asking you to provide confidential information right away, you should check the authenticity of the email by connecting/verifying with HR.

Ans: D

Q18.In some cyber-criminals redirect the legitimate users to different phishing sites and web pages via emails, IMs, advertisements and spyware

a. URL Redirection
b. Denial of Service (DoS)
c. Phishing
d. Man in the Middle (MiTM) attack

Ans: C

Q19. An email that seems to be sent by your manager asks for the name, address, and credit card information of the company’s top clients. The email says it is urgent and asks you to immediately reply. You should reply right away.

ANS – False

Q20.You receive MFA authentication call/text SMS on your mobile for validating MFA, for a session not inititated by you. What will you do next?

ANS – Do not enter MFA PIN as the first level authentication session has not been initiated by you. Immediately report it to or raise an AHD under ISG

Q21. You are working on a project and unable to solve an issue. Hence you decided to search on the internet to get some help. While surfing you found a useful site urging you to key in your official credentials for required assistance. What action will you take?

a. Will register using official credentials as solving this issue is very critical
b. Won’t register using official credentials as it is unacceptable and would lead to an Information Security
c. Will register using official credentials as it is acceptable

Ans: B

Q22. You received a mail from an external domain. You were not sure if it is a Phishing email or not. So, you shared the mail with your teammates/manager/friends to check if the mail is genuine or a phishing mail. Is this an acceptable behaviour?

ANS – No

Q23. You get a text message from a vendor who asks you to click on a link to renew your password so that you can log in to their website. You should:

a. Reply to the text to confirm if you really need to renew your password.
b. Call the vendor to confirm if the request is genuine.
c. Click on the link. If it takes you to the vendor’s website, then you’ll know it’s not a scam.

Ans: B

Q24.You clicked on a phishing link but realized that this is not a genuine site and hence did not share any confidential information that was requested for. Should this still be reported as an Incident?

ANS – Yes

Q25.You have received a suspicious phishing email. Which email ID will you report it to ?

e. None of the above

Ans: A

Q26.Who should report an Information Security incident such as phishing email?

a. Any Infosys employee
b. Only Senior members in the team
c. Only JL7 and above employees
d. Only Unit heads

Ans: A

Leave a Reply

Your email address will not be published. Required fields are marked *