Exam

Exam Detail Report

True or False Single Choice Multiple Choice Subtotal

Question Count 10 10 10 30
Score 20 30 50 100
Score 16 24 50 90

Personal Information

uniportal_741887300
Account
4
Full Name 7418873004
Department Temp
Job Temp

True or False

1. (2Point(s))(True or False) When team members work together in the customer‘s venue, to avoid
disturbing the customer, the team members can share the accounts under the condition that the accounts
and passwords will not be disclosed.

 True
 False

Right Answer:False
My Answer:False
Score:2

2. (2Point(s))(True or False) If risky operations (such as software upgrade, important hardware

replacement, and network structure change) are performed on the customer‘s equipment, you must
explain to the customer in written form in advance. The operation can be only performed with the
customer‘s consent. The operations should be based on data from the lab or network simulation.

 True
  False

Right Answer:True
My Answer:True
Score:2

3. (2Point(s))(True or False) When you are idle, you can use the customer network to do things irrelevant
to your work, such as playing online games and logging in to irrelevant websites.

 True
 False

Right Answer:False
My Answer:False
Score:2

4. (2Point(s))(True or False) You can run unauthorized software on a customer network without written
authorization from Huawei or Huawei client, and can use software versions, patches, or licenses that are
not obtained through official channels.

 True
 False

Right Answer:False
My Answer:True
Score:0

5. (2Point(s))(True or False) Employees should scan and remove viruses on computers/terminals

regularly. The computers or storage media with discovered or suspected viruses must not access customer
networks.

 True
 False

Right Answer:True
My Answer:True
Score:2

6. (2Point(s))(True or False) You must obtain customers‘ written authorization before you install any
tools or software on customer networks. In emergency cases, if you cannot get into touch with customers,
you can install temporary software on customers‘ devices and delete it immediately after the task is
completed.

 True
 False

Right Answer:False
My Answer:False
Score:2

7. (2Point(s))(True or False) During device commissioning and software upgrade, you must obtain the
software version from a valid channel.

 True
 False

Right Answer:True
My Answer:False
Score:0

8. (2Point(s))(True or False) During equipment commissioning, test account information and account
service functions cannot be added without the customer‘s permission.

 True
 False

Right Answer:True
My Answer:True
Score:2

9. (2Point(s))(True or False) During device commissioning and software upgrade, you can obtain the
software version from unknown channels.

 True
 False

Right Answer:False
My Answer:False
Score:2

10. (2Point(s))(True or False) Cyber security redline requirements: After commercial use or transfer-to-
maintenance, do not retain or use the administrator account or other unauthorized accounts. Therefore,
after the project is transferred to maintenance or commercially used, the network account password must
be handed over to the customer, and the customer needs to change the initial password and sign for
confirmation.

 True
 False

Right Answer:True
My Answer:True
Score:2

Single Choice
11. (3Point(s))(Single choice) Data that contains personal information in carrier networks should be
transferred to Huawei headquarters for troubleshooting. Which of the following actions is incorrect?

 A.A. Ask for the consent of carriers and perform necessary procedures as
required by local laws.
 B.B. When data is transferred to the headquarters, proper organizational and
technical measurements must be taken to ensure data security.
 C.C. Problem solving is the top priority, and the data should be transferred as fast
as possible.
 D.D. Ask for advice from the manager and cyber security department if you do
not know how to deal with it.

Right Answer:C
My Answer:C
Score:3

12. (3Point(s))(Single choice) Regarding the description of issue feedback and help channels of cyber
security, which of the following statements is incorrect?

 A.A. Cyber security issue feedback is the responsibility of employees in cyber

security positions and is not related to other employees.
 B.B. During project construction, a subcontractor should strictly comply with
related product security specifications. Every inspected subcontractor should actively
cooperate in the inspection and may not refuse or impede the inspection. Any problem
found should be solved immediately.
 C.C. If you are uncertain about the construction process, contact the director of
the Huawei project team or contact Huawei project manager to confirm the
requirements and then perform the construction.
 D.D. If a cyber security incident occurs during construction, the subcontractor
shall notify the supervisor of the corresponding Huawei project team immediately or
directly contact the project manager of Huawei.

Right Answer:A
My Answer:D
Score:0

13. (3Point(s))(Single choice) Which of the following statements is correct regarding network security?

 A.A. Before commissioning, you do not need to check whether irrelevant

software and files exist on the device.
 B.B. In the commissioning phase, you can add the test account information and
account service functions to facilitate work without the customer‘s permission.
 C.C. The test account information and balance modification information created
during commissioning can be retained only after the customer requires and signs for
confirmation.
  D.D. When you are idle, you can use the customer network to do things irrelevant
to your work, such as playing online games and logging in to irrelevant websites.

Right Answer:C
My Answer:C
Score:3

14. (3Point(s))(Single choice) Which of the following is a non-compliant customer authorization method?

 A.Emails
 B.Meeting minutes
 C.Faxes
 D.Oral commitments
 E.Service applications

Right Answer:D
My Answer:C
Score:0

15. (3Point(s))(Single choice) Which of the following statements is incorrect about data usage?

 A.A. Papers containing customer network data must be destructed.

 B.B. If an employee changes positions, the employee should recycle or conduct
unrecoverable deletion of the customer network data and cancel the corresponding
information system assess rights.
 C.C. The customer network data in out-of-service devices can remain
undamaged.
 D.D. If devices and storage media are returned from sensitive areas, the contained
customer network data must be erased unless the customer asks for reserving.

Right Answer:C
My Answer:C
Score:3

16. (3Point(s))(Single choice) The Cyber Security Baseline Management Requirements mentions that ____
is the primary responsible owner for cyber security assurance of the corresponding service network. ____
should be responsible for every action that he/she makes and its consequences.

 A.A. business directors at all levels; Employees

 B.B. project managers; Employees
 C.C. business directors at all levels; Directors
 D.D. project managers; Employees

Right Answer:A
My Answer:A
Score:3

17. (3Point(s))(Single choice) Which of the following statements about customer authorization is
incorrect?

 A.A. Before viewing device data, you must obtain written authorization from the
customer in advance.
 B.B. Before collecting device data, you must obtain written authorization from
the customer in advance.
 C.C. Before modifying device data, you must obtain written authorization from
the customer in advance.
 D.D. Before access customer networks, you do not need to obtain written
authorization from the customer in advance.

Right Answer:D
My Answer:D
Score:3

18. (3Point(s))(Single choice) Which of the following statements about third-party devices during service
delivery is incorrect?

 A.A. During service delivery, engineers are not allowed to operate devices from
other vendors in the customer‘s equipment room (except when it is an equipment
migration project, when Huawei provides the auxiliary equipment, or when the
operation interfaces of the devices from other vendors belong to Huawei in a managed
service project).
 B.B. Responsibilities towards third-party equipment should be fulfilled according
to the responsibility matrix. You are not allowed to operate or change the third-party
equipment at will.
 C.C. Third-party security software can be modified to meet service requirements
if necessary.
 D.D. If the equipment of a third-party vendor is to be migrated, the equipment
that contains the storage medium must be processed according to the customer
requirements.

Right Answer:C
My Answer:C
Score:3

19. (3Point(s))(Single choice) Huawei‘s definition of cyber security is to ensure the availability, integrity,
confidentiality, traceability, and robustness of ____ based on a legal framework. Additionally, it protects
the ____ carried therein and the flow of unbiased information. Cyber security assurance aims to prevent
the economic benefits and reputation of Huawei and its customers from harm. Cyber security protects
Huawei‘s employees or the company itself from bearing civil, administrative liability, or even criminal
liability, and avoids cyber security to be used as an excuse for trade protection, and a fuse that sets off an
international political crisis.
  A.A. Products and solutions; information of customers‘ products and systems
 B.B. Products, solutions, and services; customers‘ or users‘ communication
content, personal data, and privacy
 C.C. Products, services, and solutions; security of customers‘ products and
systems
 D.D. Products and services; customers‘ or users‘ communication content,
personal data, and privacy

Right Answer:B
My Answer:B
Score:3

20. (3Point(s))(Single choice) Which of the following methods is incorrect for transferring important
information such as system passwords during network maintenance?

 A.A. Face to face communication

 B.B. Communication over the phone
 C.C. Notifying the other party through an encrypted email
 D.D. Faxes

Right Answer:D
My Answer:D
Score:3

Multiple Choice

21. (5Point(s))(Multiple choices) An R&D engineer comes to the site to support a test project. Customer
engineer A authorizes this R&D engineer to assign one set of account and password. This engineer
forwards the account and password to multiple customer engineers and certain customer executives
through email. Which of the following statements are correct?

 A.A. Accounts and passwords are provided to multiple customer engineers. This
behavior does not violate cyber security requirements.
 B.B. Disseminating/Sharing accounts and passwords violates cyber security
regulations.
 C.C. The R&D engineer gives away the account and password unintentionally
and therefore does not violate cyber security regulations.
 D.D. The R&D engineer should carefully check the customer authorization scope.

Right Answer:B,D
My Answer:B,D
Score:5

22. (5Point(s))(Multiple choices) Which of the following statements about remote access process
management are correct?
  A.A. Before remote access, the customer‘s authorization in written form must be
obtained and the authorization scope and time limit must be specified. The remote
access operation solution must be approved by the project team and experts.
 B.B. During the fault locating process, if customer network information
collection is required, you must state the scope, purpose, and security measures to the
customers and obtain their written authorization.
 C.C. The software, versions, patches, and licenses installed on the customer
network in remote access must be from official channels of Huawei, including the
support website, formal emails, and the 3MS case library.
 D.D. After the remote service, you should ask the customer to close remote
service environment on the device side, including cutting off the remote service
connection and terminating the remote service software. You should also remind the
customer to change the password used during the remote service.
 E.E. After the remote service, you should delete the data and information
obtained from the customer network in time. If you need to retain the data, the
customer written authorization must be obtained.
 F.F. There must be strict recording of server logins. Every user should record the
login information in a paper document or IT system.

Right Answer:A,B,D,E,F
My Answer:A,B,D,E,F
Score:5

23. (5Point(s))(Multiple choices) Which of the following statements about Huawei‘s cyber security
requirements for subcontractors are correct?

 A.A. Comply with cyber security regulations of the country where you are
located.
 B.B. Comply with Huawei‘s delivery process and cyber security requirements.
 C.C. Continuously strengthen cyber security awareness and attend cyber security
trainings.
 D.D. Strengthen the self-check of cyber security onsite behavior.

Right Answer:A,B,C,D
My Answer:A,B,C,D
Score:5

24. (5Point(s))(Multiple choices) Which of the following statements are correct about data storage?

 A.A. You must properly manage paper documents and storage devices that
contain data to prevent unauthorized access or data loss.
 B.B. You must strictly control access permissions to customer network data and
maintain permissions on a regular basis.
 C.C. You must back up data and protect data from viruses.
  D.D. Before leaving a security-sensitive area, you must delete customer network
data stored in devices or storage media being carried or transfer the data to a local
server or other storage media protected with security measures.

Right Answer:A,B,C,D
My Answer:A,B,C,D
Score:5

25. (5Point(s))(Multiple choices) Which of the following information cannot be spread or disclosed during
service delivery?

 A.A. Site location, site equipment configuration, and networking solution

 B.B. IP address, device password, technical specifications, and KPIs
 C.C. Frequency resources, interconnection parameters, and service features
 D.D. Charging information, pipeline information, and terminal user information

Right Answer:A,B,C,D
My Answer:A,B,C,D
Score:5

26. (5Point(s))(Multiple choices) Which of the following requirements are true about the use of tool
software?

 A.A. Tool software is certified by product lines for cyber security redline
compliance before being released. The applicable scope of tool software should be
specified in release based on the security redline test results.
 B.B. All tools (including tools customized for the frontline) should be released at
and downloaded from the support website and product catalogs. Employees can only
download tool software from the support website and product catalogs and use it
within the required scope.
 C.C. Employees must not download or use tool software from non-official
channels, for example, download or use third-party software from the Internet, or
obtain or use tool software from R&D through non-official channels.
 D.D. In emergency cases, employees can download third-party software from the
Internet for the purposes of service processing and customer requirement satisfaction.
However, after that, they must report to the tool management department and Cyber
Security Office.

Right Answer:A,B,C
My Answer:A,B,C
Score:5

27. (5Point(s))(Multiple choices) Regarding the description of system account management and access
right control, which of the following statements are correct?
  A.A. Remind the customer to conduct necessary limitation to the assess rights and
comply with principles of right- and domain-based control and minimum privilege.
 B.B. Ensure that every employee has a unique user identification and password
for his/her use only.
 C.C. Remind the customer to update all the passwords of the device regularly and
ensure the complexity of the passwords.
 D.D. Clean up the device accounts regularly to eliminate abandoned accounts.

Right Answer:A,B,C,D
My Answer:A,B,C,D
Score:5

28. (5Point(s))(Multiple choices) It is Huawei‘s important social responsibility to support the secure
operation of customers‘ networks and services. Huawei employees should be aware of and comply with all
applicable laws, regulations, customers‘ operational standards as well as Huawei‘s internal processes and
policies. Failure to do so may result in disciplinary action within Huawei and may result in civil or even
criminal liabilities. Which of the following activities are not tolerated according to the BCG?

 A.A. Without customers‘ authorization, access customers‘ systems and devices to

collect, possess, process, or modify data and information in customers‘ networks and
devices, or disclose and disseminate customers‘ data and information.
 B.B. During product development, delivery, and services, do not embed
malicious code, malware, or backdoors, and do not develop or distribute viruses.
 C.C. During network configurations, delete the system startup configuration file
by accident. After a system upgrade and restart, the link is disconnected.
 D.D. Attack or damage customer networks, use networks to carry out any
activities that harm national security and public interest, steal or destroy information,
and undermine others‘ legal rights.

Right Answer:A,D
My Answer:A,D
Score:5

29. (5Point(s))(Multiple choices) Regarding the description of data security and information
confidentiality requirements in a service system, which of the following statements are correct?

 A.A. When creating or handling a trouble ticket in the IT system, do not fill in the
customer‘s user name or password.
 B.B. During the maintenance, important information such as the system password
should be communicated by telephone, encrypted email, or fax.
 C.C. During the network optimization delivery, the customer‘s personal
information and tracing information that involved in VIP experience tracing, VIP
issue handling, and network optimization in the VIP area must be used within the
specified scope.
  D.D. During the processing of the service-layer data in the data center, copying,
keeping, or spreading information (such as email, official document, salary, and
personnel information) involved in data transfer and maintenance is prohibited.
 E.E. During managed service projects, the types of customer reports and network
information to be sent and corresponding recipients must be controlled strictly.

Right Answer:A,C,D,E
My Answer:A,C,D,E
Score:5

30. (5Point(s))(Multiple choices) Which of the following are correct about access permission management
when service engineers provide services for customers‘ live network devices?

 A.A. Huawei suggests that the customer provide computers to operate and
maintain the customer network, and these computers are kept and managed by the
customer. If the customer cannot provide a computer, Huawei will provide one.
 B.B. For employees‘ working computers, the company has the installation and
configuration standards for employees‘ office computers. Employees can install
software using the Huawei idesk tool or with the help from Huawei IT personnel.
Employees are not allowed to install non-standard software by themselves.
 C.C. There are security requirements for accessing the customer network by using
the working computer during services. For example, the computer connected to the
customer network must comply with the network security environment requirements
and standards of the customer‘s live network (for example, virus scanning and
removal software requirements). If the computer or storage medium is infected with
viruses, it is prohibited to access the customer network and you must perform virus
scanning and removal in a timely manner.
 D.D. The service engineer can contact the R&D personnel to install the software
used in the R&D department on their computers.

Right Answer:A,B,C
My Answer:A,B,C
Score:5