Top 40 ISI Quiz Questions With Answers

Welcome to our guide on “ISI” (Indian Statistical Institute), a renowned institution known for its pioneering work in statistical research and education. Established in 1931 by the visionary statistician Prasanta Chandra Mahalanobis, ISI has been a beacon of excellence in the field of statistics.

In this blog, we’ll delve into the history, academic programs, and contributions of ISI. From its inception in Kolkata to its present-day status as a leading institution, ISI has played a crucial role in shaping the landscape of statistical sciences in India and beyond.

ISI offers a wide range of academic programs, including undergraduate, postgraduate, and doctoral degrees, as well as specialized courses and workshops. Whether you’re interested in theoretical statistics, applied mathematics, computer science, or economics, ISI provides a platform for learning and research.

Moreover, ISI has made significant contributions to various interdisciplinary fields, including computer science, economics, and social sciences. Its alumni and faculty members have made groundbreaking discoveries and advancements, further solidifying ISI’s reputation as a hub of intellectual excellence.

Through this blog, we aim to provide readers with valuable insights into the world of ISI and its impact on statistical science and beyond. Whether you’re a student considering a career in statistics or a researcher seeking collaboration opportunities, we invite you to join us on this journey of exploration and discovery. Welcome to the world of Indian Statistical Institute!

So, let’s move on to the quiz questions with answers.

  1. Q1. Which of the following is not true?

    Select one:
    a. An organization's security policies are interpretations of legal requirements that lead to compliance.
    b. A regulatory agency may be granted the authority under the law to establish regulations.
    c. Regulatory requirements establish what an organization has to do to meet business goals.
    d. An organization's security policies establish how the organization achieves the regulatory requirements while meeting business goals.

  2. Q2. Miriam is an IT auditor. She is currently assessing the end users' operating environment and use of anti-malware software. Which part of the IT infrastructure is Miriam focusing on?

    Select one:
    a. User Domain
    b. Workstation Domain
    c. LAN Domain
    d. LAN-to-WAN Domain

  3. Q3. Acceptable use, system access, Internet, and email policies are most likely to apply to which domain of a typical IT infrastructure?

    Select one:
    a. User Domain
    b. Workstation Domain
    c. LAN-to-WAN Domain
    d. WAN Domain

  4. Q4. A __ considers the applicable laws and regulations and then sets the high-level requirements to secure and control the IT infrastructure.

    Select one:
    a. risk assessment
    b. gap analysis
    c. governance framework
    d. guideline

  5. Q5. A __ compares the desired outcome and the actual outcome.

    Select one:
    a. gap analysis
    b. governance framework
    c. policy statement
    d. control objective

  6. Q6. Which of the following is true?

    Select one:
    a. Violating an internal organizational policy is always a violation of the law.
    b. Only a court or regulatory body can determine if there are sufficient grounds for determining a violation of the law.
    c. There are few risks to a business that are not addressed by laws and regulations.
    d. The law rarely trumps policies with regulators and the courts.

  7. Q7. Wen is preparing to perform an initial security assessment of his organization's IT infrastructure. He has been asked to provide an overall view of the information systems across a broad scope. Which of the following is he going to perform?

    Select one:
    a. High-level security assessment
    b. Comprehensive security assessment
    c. Preproduction security assessment
    d. Detailed risk assessment

  8. Q8. True or False? Only a court or regulatory body can determine if there are sufficient grounds for determining a violation of the law.

    Select one:
    a. True
    b. False

  9. Q9. True or False? A local area network (LAN) is a network that covers a large area, often connecting multiple wide area networks (WANs).

    Select one:
    a. True
    b. False

  10. Q10. True or False? The User Domain of a typical IT infrastructure encompasses the end users of the systems, including how they authenticate into the systems.

    Select one:
    a. True
    b. False

  11. Q11. Which domain of a typical IT infrastructure is the area between a trusted and an untrusted zone and is protected with one or more firewalls?

    a. LAN Domain
    b. LAN-to-WAN Domain
    c. WAN Domain
    d. System/Application Domain

  12. Q12. What is the best definition of a compensating control?

    a. A control implemented when a baseline security control cannot be implemented
    b. A type of blueprint or framework that sets the high-level requirements to secure and control the IT infrastructure
    c. A type of internal policy that establishes how an organization meets regulatory requirements while meeting business goals
    d. A legal interpretation of statutes

  13. Q13. Which of the following is least likely to be part of a privacy audit?

    a. Privacy laws that are applicable to the organization
    b. The cost of insurance to offset the risk of data loss due to theft or an accident
    c. Whether policies and procedures for creating, storing, and managing privacy data are applied and followed
    d. Whether specific controls are implemented and compliance tasks are being followed

  14. Q14. True or False? Just because a policy was violated does not mean it was a violation of the law.

    Select one:
    a. True
    b. False

  15. Q15. True or False? A security assessment should address people, operations, applications, and the infrastructure throughout the organization.

    Select one:
    a. True
    b. False

  16. Q16. True or False? Configuration and change management is a process of controlling systems throughout their life cycle to make sure they are operating as intended in accordance with security policies and standards.

    Select one:
    a. True
    b. False

  17. Q17. Which domains of a typical IT infrastructure include routers, firewalls, and intrusion detection systems?

    a. Workstation Domain and LAN Domain
    b. Remote Access Domain and System/Application Domain
    c. LAN-to-WAN Domain and WAN Domain
    d. Remote Access Domain and LAN Domain

  18. Q18. True or False? A desktop computer, a mobile device, and a scanner are part of the Workstation Domain of a typical IT infrastructure.

    Select one:
    a. True
    b. False

  19. Q19. True or False? One way to protect data in an organization is to conduct training and awareness around social engineering.

    Select one:
    a. True
    b. False

  20. Q20. True or False? The System/Application Domain of a typical IT infrastructure includes systems on the network that provide the applications and software for the users.

    Select one:
    a. True
    b. False

  21. Q21. What device or software solution creates an encrypted communications tunnel over a public network, such as the Internet, and in which domain of an IT infrastructure is it typically found?

    a. Virtual private network (VPN), Remote Access Domain
    b. Router, LAN Domain
    c. Switch, WAN Domain
    d. Domain Name System (DNS) server, System/Application Domain

  22. Q22. True or False? A policy provides step-by-step instructions that support a procedure by outlining how standards and guidelines are put into practice.

    Select one:
    a. True
    b. False

  23. Q23. True or False? Risk can be mitigated, avoided, transferred, or accepted.

    Select one:
    a. True
    b. False

  24. Q24. True or False? Control Objectives for Information and Related Technology (COBIT) is a government framework for critical security controls.

    Select one:
    a. True
    b. False

  25. Q25. A standard is part of an IT security policy framework. What best defines a standard?

    a. General statement of beliefs, goals, and objectives that regulate conduct
    b. Mandated activities or rules that support policies
    c. General statements of guidance that are not mandatory
    d. Step-by-step instructions that support a policy by outlining how guidelines are put into practice

  26. Q26. Which of the following is the best definition of privacy management?

    a. A process of controlling systems throughout their life cycle to make sure they are operating as intended in accordance with security policies and standards
    b. A targeted, concise, and technical review of information systems and vulnerabilities to determine risk
    c. The process of protecting the rights and obligations of individuals and organizations with respect to the collection, use, disclosure, and retention of personal information
    d. A process of evaluating real threats while considering the tradeoff between risk and benefit

  27. Q27. Which of the following is always considered personal and sensitive information and, in the wrong hands, is most likely to put a person at risk of identity theft?

    a. Name
    b. Name and social security number (SSN) combination
    c. Email address
    d. Name and email address combination

  28. Q28. True or False? In the corporate world, an attestation is a formal management verification.

    Select one:
    a. True
    b. False

  29. Q29. True or False? Compliance is an ongoing process that should be treated as a continuous function within the organization.

    Select one:
    a. True
    b. False

  30. Q30. True or False? Policies are only effective if they are written.

    Select one:
    a. True
    b. False

  31. Q31. True or False? An organization often writes policies to the specific language of the applicable law(s).

    Select one:
    a. True
    b. False

  32. Q32. Configuration and change management is a multi-step process. What is the last step required before a change may be implemented in a production environment?

    a. Identify and request a change.
    b. Evaluate the change request.
    c. Provide a decision response.
    d. Monitor the change.

  33. Q33. True or False? A firewall may be placed between networks.

    Select one:
    a. True
    b. False

  34. Q34. An audit of which domain of a typical IT infrastructure can include logon mechanisms and controls for access to the internal network, hardening and configuration of network systems, backup procedures for servers, and the power supply for the internal network?

    a. LAN Domain
    b. LAN-to-WAN Domain
    c. Remote Access Domain
    d. System/Application Domain

  35. Q35. True or False? Two-factor authentication requires, for example, something the user knows and something the user has.

    Select one:
    a. True
    b. False

  36. Q36. Maria is an auditor trainee for a government agency. She works on a team that is evaluating agency controls to determine which controls could be automated. Which of the following is least likely to be automated?

    a. Authentication methods
    b. Event logging
    c. Data encryption
    d. Background checks

  37. Q37. Devaki is creating user types and high-level definitions of access rights for her organization's network. Which of the following access definitions would most likely apply to the role of security personnel employed within the organization?

    a. Access is limited to specific applications and information.
    b. Access is provided to set permissions, review logs, monitor activity, and respond to incidents.
    c. Access is assigned to a type of user and not to the individual.
    d. Access often includes unlimited read access to logs and configuration settings.

  38. Q38. Carl is an auditor. He is creating a plan to audit his company's IT infrastructure security. Which of the following objectives is Carl least likely to include in his plan?

    a. Examine the existence of relevant and appropriate security policies and procedures.
    b. Verify the existence of IT controls supporting security policies.
    c. Examine human resources records related to IT staff onboarding.
    d. Verify the effective implementation and ongoing monitoring of the IT controls.

  39. Q39. True or False? Policy enforcement must be performed manually.

    Select one:
    a. True
    b. False

  40. Q40. True or False? A risk assessment addresses real threats while considering the tradeoff between risk and benefit.

    Select one:
    a. True
    b. False

Answers: ISI Quiz Questions

  1. c
  2. b
  3. a
  4. c
  5. a
  6. b
  7. b
  8. a
  9. b
  10. a
  11. b
  12. a
  13. b
  14. a
  15. a
  16. a
  17. c
  18. a
  19. a
  20. a
  21. a
  22. b
  23. a
  24. b
  25. b
  26. c
  27. b
  28. a
  29. a
  30. b
  31. a
  32. c
  33. a
  34. a
  35. a
  36. d
  37. b
  38. c
  39. b
  40. a
