
Paper Cyber Security Service Work Certificate

Answered by: Mohammed Akbar. Total exam score: 100.0. Exam score: 100.0

1.True or False

A company's responsibility for the customer network and business security assurance surpasses its commercial
interests.

( )True ( )False

Answers of examinees: True Correct answer

questionScore:(2.0) Current Score: 2.0

2.True or False

The grading standard for cyber security violation accountability mainly depends on the consequences caused by
violations.

( )True ( )False

Answers of examinees: False Correct answer

questionScore:(2.0) Current Score: 2.0

3.True or False

When handling or modifying customers' network data, you must apply to customers for written authorization in
advance. However, if the operation does not affect customer network running, there is no need to apply to
customers.

( )True ( )False

Answers of examinees: False Correct answer

questionScore:(2.0) Current Score: 2.0


4.True or False

In training services, to quote customer information, you must edit out the sensitive information in advance or
obtain written authorization from the customer.

( )True ( )False

Answers of examinees: True Correct answer

questionScore:(2.0) Current Score: 2.0

5.True or False

You must first get written authorization from customers before installing any tool or software on the customer
network. In case of an emergency, such as the customer being out of contact, the temporary software installed
on the customer device must be removed the moment you complete the task.

( )True ( )False

Answers of examinees: False Correct answer

questionScore:(2.0) Current Score: 2.0

6.True or False

The cyber security redlines are conditional requirements, and business needs must be given top priority when the
redlines conflict with the business.

( )True ( )False

Answers of examinees: False Correct answer

questionScore:(2.0) Current Score: 2.0

7.True or False

According to cyber security redlines, do not reserve or use an admin account or other unauthorized accounts after
the product has been deployed for commercial use or has been transferred to the maintenance phase. Instead,
the network account password must be handed over to the customer who is required to modify the initial password
and sign for confirmation.

( )True ( )False

Answers of examinees: True Correct answer

questionScore:(2.0) Current Score: 2.0

8.True or False

When the employee completes his/her missions on the business trip and is ready to leave, relevant departments
must require him/her to delete the customer network information in the portable devices or other storage media,
and to hand over relevant account information. The departments must also revoke the employee's access right to
relevant customer systems or sites and check again. If necessary, inform customers that the employee is about to
leave.

( )True ( )False

Answers of examinees: True Correct answer

questionScore:(2.0) Current Score: 2.0

9.True or False

When working together at customer sites, team members can share an account to avoid disturbing customers on
the premise that the account and password are not disclosed.

( )True ( )False

Answers of examinees: False Correct answer

questionScore:(2.0) Current Score: 2.0

10.True or False

After the field service is finished, clean up all temporary content related to the customer in the process of the
service (for example, delete the process data and cancel the login account). If certain temporary content needs to
be reserved for the follow-up work, you must obtain the written approval from the customer.

( )True ( )False

Answers of examinees: True Correct answer

questionScore:(2.0) Current Score: 2.0

11.Multiple Choice(Select one choice)

The GCSO Office/BG Cyber Security Office is responsible for determining the level of the reported cyber security
crisis and organizing the establishment of a cyber security crisis management work team. As for core members of
the crisis management work team, which of the following statements is INCORRECT?

( )a.The country CSO is the work team leader.

( )b.Manager of BG/BU/Regional Dept./Account Dept./Rep. Office is the work team leader.

( )c.The GCSO/Director of GCSO Office/Director of BG/BU Cyber Security Office is the deputy team leader.

( )d.The Legal Affairs Dept. is the mandatory core member.

Answers of examinees: a Correct answer

questionScore:(2.0) Current Score: 2.0

12.Multiple Choice(Select one choice)

When sending data that contains personal information in the carrier network to the headquarters for troubleshooting
analysis, which of the following statements is INCORRECT?

( )a.Ask for permission of the carrier and perform the essential procedure according to local laws.

( )b.When data is transferred to the headquarters, adopt proper organizational and technical measures to
ensure data security.

( )c.Problem solving is the top priority, so transfer the data as fast as possible.

( )d.Ask for advice from the manager and cyber security department if you do not know how to deal with it.

Answers of examinees: c Correct answer


questionScore:(2.0) Current Score: 2.0

13.Multiple Choice(Select one choice)

Regarding virus detection and removal, which of the following statements is CORRECT?

( )a.Computers at work already have antivirus software installed and are updated and optimized by IT, so there
is no need to scan for viruses before connecting to the customer network.

( )b.The computer or storage media with discovered or suspected viruses can access the customer network with
the permission of the customer.

( )c.Employees need to scan for viruses in Full scan mode regularly. The computer or storage media with discovered or
suspected viruses must not access the customer network.

( )d.The cyber security behavior of subcontractor employees is managed by the subcontractor, and Huawei is not
accountable if a subcontractor employee's computer accesses the customer network without virus scanning.

Answers of examinees: c Correct answer

questionScore:(2.0) Current Score: 2.0

14.Multiple Choice(Select one choice)

As mentioned in Management Requirements on Cyber Security Baseline, ( ) are the first owners for ensuring
cyber security of the related businesses, and ( ) are the first owners for ensuring cyber security of the related
processes.

( )a.Business managers at all levels, process owners at all levels

( )b.Process owners at all levels, business managers at all levels

( )c.Business owners, process handlers

( )d.Process handlers, business owners

Answers of examinees: a Correct answer


questionScore:(2.0) Current Score: 2.0

15.Multiple Choice(Select one choice)

Regarding account password management, which of the following statements does not belong to cyber security
violations?

( )a.Reserve an undocumented account in provided products or services.

( )b.Attack and destroy the customers' networks; crack the password of customers' accounts.

( )c.Disclose and disseminate the accounts and passwords of the customers' network.

( )d.Use accounts and passwords with the customers' written authorization.

Answers of examinees: d Correct answer

questionScore:(2.0) Current Score: 2.0

16.Multiple Choice(Select one choice)

In the process of service delivery, which of the following behaviors does not violate cyber security?

( )a.Implant malicious codes, malicious software, and backdoor in the provided product or service, and reserve
any undisclosed interface and account.

( )b.Access the customer system without the customer's written authorization and collect, possess, handle, and
modify any data and information of the customer network.

( )c.Delete and destroy the customer network data after the customer authorization expires.

( )d.Spread and use the shared account and password without the customer's written authorization.

Answers of examinees: c Correct answer

questionScore:(2.0) Current Score: 2.0

17.Multiple Choice(Select one choice)


Which of the following statements about data usage is INCORRECT?

( )a.Use the customer network data within the scope of authorization. Do not use or publish the customer network
data in any form for any unauthorized purpose.

( )b.If customers do not put forward clear requirements after the project ends, you can reserve some customer
network data on the work computer for external communication and discussion in future.

( )c.If external communication, discussion, or display materials involve customer network data, you must obtain
customer authorization or edit out sensitive information, except public data or information.

( )d.If case study or knowledge sharing involves customer network data, you must edit out sensitive information
instead of direct use.

Answers of examinees: b Correct answer

questionScore:(2.0) Current Score: 2.0

18.Multiple Choice(Select one choice)

Regarding data disposal, which of the following statements is INCORRECT?

( )a.Papers containing customer network data must be destroyed.

( )b.If changing positions, the employee should recycle or conduct unrecoverable deletion of the customer network
data and cancel the corresponding information system access right.

( )c.The customer network data in out-of-service devices may not be destroyed.

( )d.If devices and storage media are returned from sensitive areas, the contained customer network data must be
erased unless the customer asks for reserving.

Answers of examinees: c Correct answer

questionScore:(2.0) Current Score: 2.0

19.Multiple Choice(Select one choice)


Regarding the description of on-site service requirements, which of the following statements is INCORRECT?

( )a.When offering the on-site service, the customer must agree and accompany, and the engineer must use the
temporary account and password offered by the customer and must not share with others.

( )b.Any operation that is of no risk but out of the operation scope approved by the customer can be reported to the
customer after implementation.

( )c.After the on-site service ends, clean up all temporary work content during the service (for example, delete the
process data and cancel the login account). If certain temporary content needs to be reserved for the follow-up
work, you must obtain the written approval from the customer.

( )d.After the on-site service ends, the customer needs to sign the service report to confirm whether the login
password has been changed.

Answers of examinees: b Correct answer

questionScore:(2.0) Current Score: 2.0

20.Multiple Choice(Select one choice)

As to the cyber security management of employees on business trips, which of the following statements is
INCORRECT?

( )a.When an employee on a business trip gets to the destination, the destination department should require the
employee to study the training materials of cyber security, and keep the records that the employee participated in
cyber security training, passed the cyber security test, and signed the related commitment of cyber security.

( )b.During the employee's business trip, the destination department should regard the employee as its own staff
and implement regular cyber security management.

( )c.If an employee violates cyber security requirements during the business trip, the supervisor of the destination
department should bear the management liability if the supervisor did not perform due duties in management or
failed to take any measures after knowing the violation.

( )d.An employee on business trips still complies with the cyber security management requirements of his/her own
original department. He/she does not have to obey the cyber security management requirements of the frontline
project team, for example, attend trainings and sign the commitment.

Answers of examinees: d Correct answer

questionScore:(2.0) Current Score: 2.0

21.Multiple Select (Select two or more choices)

Entry to or exit from the ( ) must follow management regulations of the customer or related organization. The NOC and
RNOC built by Huawei should be customized to fulfill the management regulations required by the customer and
be complied with strictly.

[ ]a.customer's equipment room

[ ]b.customer's network management center

[ ]c.customer's office area

[ ]d.sensitive area (such as government agency and army)

Answers of examinees: abcd Correct answer

questionScore:(4.0) Current Score: 4.0

22.Multiple Select (Select two or more choices)

Which of the following statements are CORRECT about the usage requirements of tools/software?

[ ]a.The tool/software release department needs to complete cyber security redline authentication of physical
product lines before the product release. The application scope of the tool/software must be clarified according to
the redline testing results during the release.

[ ]b.The Support website and the product catalog are legal publication and download platform. All the tools
(including the frontline custom tools) must be released on the legal platform. Employees can download software
from only the Support website, product catalogs, and use software tools within the specified scope.

[ ]c.Employees are forbidden to download/use tool software from other illegal channels, for example download a
third-party software from the Internet, or obtain or use R&D tool software from illegal channels.

[ ]d.To meet business processing and customer requirements in an emergency, we can download a third-party
software from the Internet, but afterwards should report promptly to the tool management department and cyber
security office.

Answers of examinees: abc Correct answer

questionScore:(4.0) Current Score: 4.0

23.Multiple Select (Select two or more choices)

The Universal Declaration of Human Rights states that no one shall be subjected to arbitrary interference with
their privacy and correspondence. Many countries have implemented or are planning to implement privacy or
personal data protection laws. Protect user privacy and communication freedom. Some employees may come into
contact with individuals' personal data, such as end users' telephone number, content of their communications
(such as text messages or voice mails), traffic and location logs on the customers' networks. It is universally
required by laws that when collecting and processing personal data, one should comply with the principles of
fairness, transparency, relevancy, appropriateness, and secure protection. Regarding protection of end users'
privacy and communication freedom, which activities cannot be tolerated by our company?

[ ]a.Sell user materials, such as user names and phone numbers, obtained from work to others.

[ ]b.To locate issues in maintenance, access a user's communication line and eavesdrop on the user's voice call.

[ ]c.Illegally monitor users' communications and activities or assist in such illegal monitoring.

[ ]d.Allow the free flow of unbiased information.

Answers of examinees: abc Correct answer

questionScore:(4.0) Current Score: 4.0

24.Multiple Select (Select two or more choices)

Regarding the description of data security and information confidentiality requirements in the service system,
which of the following statements are CORRECT?

[ ]a.When trouble tickets in the IT system are created or handled, do not fill in the customer service account and
password.

[ ]b.During the maintenance, important information such as the system password should be informed by
telephone, encrypted email, or fax.

[ ]c.During the network optimization delivery, the customer's personal information and tracing information that is
involved in VIP experience tracing, VIP issue handling, and network optimization in the VIP area must be used in
the specified scope.

[ ]d.When the service-layer data in the data center is handled, information (such as email, official document,
salary, and personnel information) involved in data transfer and maintenance is forbidden to be copied, reserved,
or spread.

[ ]e.During service project management, the scope of customer reports and network information to be sent must
be controlled strictly.

Answers of examinees: acde Correct answer

questionScore:(4.0) Current Score: 4.0

25.Multiple Select (Select two or more choices)

Which of the following statements are CORRECT concerning data storage?

[ ]a.Judiciously manage paper documents and storage media or devices that contain customer network data to
prevent unauthorized access or data loss.

[ ]b.Strictly control access permissions to the customer network data, and maintain permissions regularly.

[ ]c.Conduct data backup and protect data from viruses.

[ ]d.Before a staff member leaves the sensitive area, the equipment or storage media containing customer network data
must be removed or transferred to the local server or other storage media that have management measures.

Answers of examinees: abcd Correct answer

questionScore:(4.0) Current Score: 4.0

26.Multiple Select (Select two or more choices)


Which of the following statements are CORRECT about data transfer?

[ ]a.Strictly follow the customer authorized purpose for customer network data transfer operations.

[ ]b.Without the customers' consent, do not transfer customers' network data (including personal data) out of the
customers' network.

[ ]c.In case of an emergency, customer network data (including personal data) of sensitive countries can be
transferred back to China to avoid service delay.

[ ]d.Transfer of personal data from the European Economic Area (EEA) and other sensitive countries should
comply with local laws and regulations.

Answers of examinees: abd Correct answer

questionScore:(4.0) Current Score: 4.0

27.Multiple Select (Select two or more choices)

In a testing program, an R&D engineer supports testing onsite. The customer engineer A assigns the R&D
engineer an account and its password, and the R&D engineer forwards this account and password to many other
customer engineers, several top customer managers included. Which of the following statements are CORRECT?

[ ]a.Providing account and password information to several customer engineers does not involve cyber security
violation.

[ ]b.Spreading/sharing account and password is a cyber security violation.

[ ]c.The R&D engineer accidentally spreads the account and password information, which does not involve cyber
security violation.

[ ]d.The R&D engineer should carefully confirm the customer authorization scope.

Answers of examinees: bd Correct answer

questionScore:(4.0) Current Score: 4.0

28.Multiple Select (Select two or more choices)


Regarding Huawei cyber security governance, organization design, policies, and procedures, which of the
following statements are CORRECT?

[ ]a.Huawei established the Global Cyber Security Committee (GCSC), consisting of the board members and
Global Process Owners (GPOs). The Global Cyber Security Officer (GCSO) and subordinate security
organizations support the GCSC to implement the cyber security strategies.

[ ]b.Huawei incorporates security goals into the company business processes and implements the company's
programmatic documents such as strategies through more specific policies, organization, and process documents.

[ ]c.Huawei auditors use the Key Control Points (KCPs) and the global process control manual to ensure that
processes are effective and executed.

[ ]d.Huawei governance, organization design, policies, and procedures ensure that cyber security requirements
are effectively implemented rather than remain on paper.

Answers of examinees: abcd Correct answer

questionScore:(4.0) Current Score: 4.0

29.Multiple Select (Select two or more choices)

It is Huawei's important social responsibility to support the secure operation of customers' networks and business.
Huawei employees should be aware of and comply with all applicable laws, regulations, customers' operational
standards as well as Huawei's internal processes and policies. Failure to do so may result in disciplinary action
within Huawei and may result in civil or even criminal liabilities. Which of the following activities cannot be
tolerated according to the BCG?

[ ]a.Access, without customers' authorization, customers systems and equipment to collect, possess, process, or
modify data and information in customers networks and equipment, or disclose and disseminate customers' data
and information.

[ ]b.Do not embed malicious code, malware, or backdoors in products, deliveries, and services, and develop and/
or distribute viruses.

[ ]c.During network configurations, delete the system startup configuration file by accident. After system upgrade
and restart, the link is disconnected.

[ ]d.Attack, destroy, or damage customers' networks or take advantage of customers' networks to steal or destroy
information or commit any activity that endangers national security, the public interest, or the legal rights and/or
interests of other parties.

Answers of examinees: ad Correct answer

questionScore:(4.0) Current Score: 4.0

30.Multiple Select (Select two or more choices)

To collect and process personal data for the purpose of safeguarding network operation and service, which of the
following requirements shall Huawei comply with?

[ ]a.Obtain written authorization from the customer in advance and keep the consent or authorization record.

[ ]b.Disclose the function to the customer using product materials and describe the following items explicitly: type
of collected and handled data, purpose, handling method, deadline, the next data receiver (if any).

[ ]c.The collection should comply with the purpose correlation, necessity, minimum, and real-time update
principles. Anonyms or pseudonyms shall be used wherever possible.

[ ]d.According to laws, personal data from cyber security sensitive countries should not be transferred to other
countries or areas including China.

Answers of examinees: abcd Correct answer

questionScore:(4.0) Current Score: 4.0

31.Multiple Select (Select two or more choices)

Which of the following statements are INCORRECT if engineer Z is asked to resolve packet loss issues on a
customer device as soon as possible?

[ ]a.Considering that the customer requirement is urgent, immediately access the customer system for packet
capture and troubleshooting.

[ ]b.First, apply to the customer for approval and obtain the written authorization for accessing the customer
system.

[ ]c.Directly access the customer system for processing after contacting the customer multiple times but failing
to obtain any response.

[ ]d.Employee Z has a good relationship with the customer, so the employee can access the customer system first
and apply for written authorization later.

Answers of examinees: acd Correct answer

questionScore:(4.0) Current Score: 4.0

32.Multiple Select (Select two or more choices)

Which of the following statements require customer written authorization in advance?

[ ]a.Check device data

[ ]b.Collect device data

[ ]c.Modify device data

[ ]d.Access to the customer network

Answers of examinees: abcd Correct answer

questionScore:(4.0) Current Score: 4.0

33.Multiple Select (Select two or more choices)

Which of the following statements are CORRECT about on-site cyber security management requirements for
employees on business trips?

[ ]a.When an employee on a business trip gets to the destination, the destination department should require the
employee to study the training materials of cyber security, participate in cyber security training, pass the cyber
security test, and sign the commitment of cyber security redlines. The destination department should keep a
record of the employee's study, test, and commitment.

[ ]b.During the employee's business trip, the destination department should regard the employee as its own staff
and implement regular cyber security management.

[ ]c.If an employee violates cyber security requirements during the business trip, the supervisor of the destination
department should bear the management liability if the supervisor did not perform due duties in management or
failed to take any measures after knowing the violation.

[ ]d.If an employee on business trips supports a project, the department with management responsibilities is the
project team; if the employee does not enter the project, the department with management responsibilities is the
corresponding platform department.

Answers of examinees: abcd Correct answer

questionScore:(4.0) Current Score: 4.0

34.Multiple Select (Select two or more choices)

What controls are placed on the use of laptops or engineering technology that service engineers
carry? For example, can the service engineers load their own software tools onto their laptops?

[ ]a.We suggest that computers used for maintenance be provided and managed by customers if possible. If the
computers cannot be provided by customers, our employees' work computers will be used.

[ ]b.To protect the customer network and data security, our corporation has strict computer configuration and
customer network access requirements. The software in the work computers must be installed through Huawei
iDesk tool or by Huawei IT personnel.

[ ]c.The computers must meet the security requirements and standards. If a computer is infected or suspected to
be infected by viruses, the computer cannot be connected to customer networks and must be scanned to remove
the viruses.

[ ]d.Service engineers can install internal R&D software tools through direct contact with R&D staff.

Answers of examinees: abc Correct answer

questionScore:(4.0) Current Score: 4.0

35.Multiple Select (Select two or more choices)

Regarding the description of system account management and access right control, which of the following
statements are CORRECT?

[ ]a.Remind the customer to impose necessary limits on access rights and comply with the principles of right-
and domain-based control and least privilege.

[ ]b.Ensure that every employee has a unique user identification and password for his/her use only.

[ ]c.Remind the customer to update all the passwords of the device regularly and ensure the complexity of the
passwords.

[ ]d.Clean up the device accounts regularly and eliminate unused accounts.

Answers of examinees: abcd Correct answer

questionScore:(4.0) Current Score: 4.0