You are on page 1of 17

Paper Cyber Security Service Work Certificate

Answered by :Mohammed Akbar Total exam score:100.0 Exam score:100.0

1.True or False

A company's responsibility for the customer network and business security assurance surpasses its commercial
interests.

( )True( )False

Answers of examinees:True Correct answer

questionScore:(2.0) Current Score: 2.0

2.True or False

The grading standard for cyber security violation accountability mainly depends on the consequences caused by
violations.

( )True( )False

Answers of examinees:False Correct answer

questionScore:(2.0) Current Score: 2.0

3.True or False

When handling or modifying customers' network data, you must apply to customers for written authorization in
advance. However, if the operation does not affect customer network running, there is no need to apply to
customers.

( )True( )False

Answers of examinees:False Correct answer

questionScore:(2.0) Current Score: 2.0

. ( )True( )False Answers of examinees:True Correct answer questionScore:(2.4.True or False According to cyber security redlines.True or False In training services.0) Current Score: 2. ( )True( )False Answers of examinees:False Correct answer questionScore:(2. you must edit out the sensitive information in advance or obtain written authorization from the customer. In case of an emergency such as the customer being not within contact.True or False The cyber security redlines are conditional requirements.0) Current Score: 2. to quote customer information.0) Current Score: 2. and must give top priority to business needs when it conflicts with the business.True or False You must first get written authorization from customers before installing any tool or software on the customer network. Instead.0 6. ( )True( )False Answers of examinees:False Correct answer questionScore:(2.0 7.0 5. do not reserve or use an admin account or other unauthorized accounts after the product has been deployed for commercial use or has been transferred to the maintenance phase. the network account password must be handed over to the customer who is required to modify the initial password and sign for confirmation. the temporary software installed on the customer device must be removed the moment you complete the task.

0) Current Score: 2. ( )True( )False Answers of examinees:True Correct answer questionScore:(2.0 8. inform customers that the employee is about to leave.0) Current Score: 2. you must obtain the written approval from the customer.True or False After the field service is finished.True or False When the employee completes his/her missions on the business trip and is ready to leave.0 10.0 9. ( )True( )False Answers of examinees:True Correct answer questionScore:(2. clean up all temporary content related to the customer in the process of the service (for example. ( )True( )False . delete the process data and cancel the login account). The departments must also revoke the employee's access right to relevant customer systems or sites and check again.0) Current Score: 2. If certain temporary content needs to be reserved for the follow-up work. relevant departments must require him/her to delete the customer network information in the portable devices or other storage media.True or False When working together at customer sites. ( )True( )False Answers of examinees:False Correct answer questionScore:(2. and to hand over relevant account information. team members can share an account to avoid disturbing customers on the premise that the account and password are not disclosed. If necessary.

The Legal Affairs Dept.Ask for permission of the carrier and perform the essential procedure according to local laws. As for core members of the crisis management work team.The country CSO is the work team leader. Answers of examinees:a Correct answer questionScore:(2. Office is the work team leader.Ask for advice from the manager and cyber security department if you do not know how to deal with it. ( )b. is the mandatory core member.0) Current Score: 2. ( )c.Manager of BG/BU/Regional Dept.Multiple Choice(Select one choice) Send the data that contains personal information in the carrier network to the headquarters for troubleshooting analysis. ( )c. which of the following statements is INCORRECT? ( )a. adopt proper organizational and technical measurements to ensure data security./Account Dept.Multiple Choice(Select one choice) The GCSO Office/BG Cyber Security Office is responsible for determining the level of the reported cyber security crisis and organizing the establishment of a cyber security crisis management work team.The GCSO/Director of GCSO Office/Director of BG/BU Cyber Security Office is the deputy team leader.0 11. ( )d. Answers of examinees:c Correct answer . which of the following statements is INCORRECT? ( )a.When data is transferred to the headquarters. so transfer the data as fast as possible. ( )b.0 12.0) Current Score: 2. ( )d. Answers of examinees:True Correct answer questionScore:(2.Problem solving is the top priority./Rep.

business managers at all levels ( )c.Business owners.The cyber security behavior of subcontractor employees is managed by the subcontractor. Answers of examinees:c Correct answer questionScore:(2.Business managers at all levels. and ( ) are the first owners for ensuring cyber security of the related processes.0 13.Process handlers.Multiple Choice(Select one choice) As mentioned in Management Requirements on Cyber Security Baseline. process owners at all levels ( )b. ( )b. ( )d. questionScore:(2. business owners Answers of examinees:a Correct answer .The computer or storage media with discovered or suspected viruses can access the customer network with the permission of the customer.0 14. and Huawei is not accountable if the sub-contractor employees' computer accesses to the customer network without virus scanning.Process owners at all levels.Multiple Choice(Select one choice) Regarding virus detection and removal.0) Current Score: 2. so there is no need to scan virus before connecting to customer network.0) Current Score: 2. ( ) are the first owners for ensuring cyber security of the related businesses. ( )c. process handlers ( )d. The computer or storage media with discovered or suspected viruses must not access the customer network.Employees need to scan virus in Full scan mode regularly. ( )a. which of the following statements is CORRECT? ( )a.Computers at work have already installed antivirus software and are updated and optimized by the IT.

( )d.Reserve an undocumented account in provided products or services.0) Current Score: 2.0 16. ( )b. malicious software. possess. questionScore:(2. ( )c.0) Current Score: 2. and reserve any undisclosed interface and account.Multiple Choice(Select one choice) In the process of service delivery. Answers of examinees:d Correct answer questionScore:(2.0 15.Delete and destroy the customer network data after the customer authorization expires. Answers of examinees:c Correct answer questionScore:(2. ( )b. which of the following statements does not belong to cyber security violations? ( )a.Implant malicious codes. ( )d.Use accounts and passwords with the customers' written authorization.Multiple Choice(Select one choice) .Multiple Choice(Select one choice) Regarding account password management. handle. and modify any data and information of the customer network. ( )c.Disclose and disseminate the accounts and passwords of the customers' network. and backdoor in the provided product or service.Spread and use the shared account and password without the customer's written authorization.0 17.Access the customer system without the customer's written authorization and collect.Attack and destroy the customers' networks. crack the password of customers' accounts.0) Current Score: 2. which of the following behaviors does not violate cyber security? ( )a.

the contained customer network data must be erased unless the customer asks for reserving.Papers containing customer network data must be destructed. which of the following statements is INCORRECT? ( )a. Answers of examinees:b Correct answer questionScore:(2.Multiple Choice(Select one choice) Regarding data disposal. Which of the following statements about data usage is INCORRECT? ( )a. ( )c. the employee should recycle or conduct unrecoverable deletion of the customer network data and cancel the corresponding information system assess right. ( )d. ( )d.Multiple Choice(Select one choice) .If case study or knowledge sharing involves customer network data.0 18.If external communication.0) Current Score: 2.If devices and storage media are returned from sensitive areas. except public data or information.0) Current Score: 2. ( )b. ( )c. Do not use or publish the customer network data in any form for any unauthorized purpose. you can reserve some customer network data on the work computer for external communication and discussion in future.0 19. you must edit out sensitive information instead of direct use. or display materials involve customer network data. you must obtain customer authorization or edit out sensitive information. Answers of examinees:c Correct answer questionScore:(2.If changing positions.Use the customer network data within the scope of authorization.If customers do not put forward clear requirements after the project ends.The customer network data in out-of-service device may not be destructed. discussion. ( )b.

the supervisor of the destination department should bear the management liability if the supervisor did not perform due duties in management or failed to take any measures after knowing the violation.After the on-site service ends. attend trainings and sign the commitment. ( )c. which of the following statements is INCORRECT? ( )a.0 20. Regarding the description of on-site service requirements. the destination department should require the employee to study the training materials of cyber security. . passed the cyber security test. which of the following statements is INCORRECT? ( )a. Answers of examinees:b Correct answer questionScore:(2.After the on-site service ends. clean up all temporary work content during the service(for example. ( )b. the customer must agree and accompany. delete the process data and cancel the login account).During the employee's business trip. for example.Multiple Choice(Select one choice) As to the cyber security management of employees on business trips.When an employee on a business trip gets to the destination.When offering the on-site service. and the engineer must use the temporary account and password offered by the customer and must not share with others. and signed the related commitment of cyber security. and keep the records that the employee participated in cyber security training.If an employee violates cyber security requirements during the business trip. ( )d. If certain temporary content needs to be reserved for the follow-up work. the destination department should regard the employee as its own staff and implement regular cyber security management. the customer needs to sign in the service report to confirm whether the login password has been changed. ( )d.Any operation that is of no risk but out of the operation scope approved by the customer can state to the customer after implementation.0) Current Score: 2. you must obtain the written approval from the customer. ( )b. ( )c.An employee on business trips still complies with the cyber security management requirements of his/her own original department. He/she does not have to obey the cyber security management requirements of the frontline project team.

The application scope of the tool/software must be clarified according to the redline testing results during the release.0 22.Multiple Select (Select two or more choices) Enter or exit of the ( ) must follow management regulations of the customer or related organization.customer's equipment room [ ]b. The NOC and RNOC built by Huawei should be customized to fulfill the management regulations required by the customer and be complied with strictly. we can download a third-party . [ ]d. [ ]b. or obtain or use R&D tool software from illegal channels.The tool/software release department needs to complete cyber security redline authentication of physical product lines before the product release.sensitive area (such as government agency and army) Answers of examinees:abcd Correct answer questionScore:(4.0 21.customer's network management center [ ]c.0) Current Score: 2.customer's office area [ ]d. [ ]c.Multiple Select (Select two or more choices) Which of the following statements are CORRECT about the usage requirements of tools/software? [ ]a.To meet business processing and customer requirements in an emergency.Employees are forbidden to download/use tool software from other illegal channels.The Support website and the product catalog are legal publication and download platform.0) Current Score: 4. Answers of examinees:d Correct answer questionScore:(2. Employees can download software from only the Support website. for example download a third-party software from the Internet. [ ]a. and use software tools within the specified scope. product catalogs. All the tools (including the frontline custom tools) must be released on the legal platform.

one should comply with the principles of fairness.0 24. Protect user privacy and communication freedom. Some employees may come into contact with individuals' personal data. which activities cannot be tolerated by our company? [ ]a. Answers of examinees:abc Correct answer questionScore:(4. and secure protection. Many countries have implemented or are planning to implement privacy or personal data protection laws. [ ]c.To locate issues in maintenance. It is universally required by laws that when collecting and processing personal data.Multiple Select (Select two or more choices) Regarding the description of data security and information confidentiality requirements in the service system. do not fill in the customer service account and passwor . [ ]b. appropriateness. such as user names and phone numbers.Allow the free flow of unbiased information. obtained from work to others. software from the Internet. such as end users' telephone number.Sell user materials.Illegally monitor users' communications and activities or assist in such illegal monitoring. but afterwards should report promptly to the tool management department and cyber security office. which of the following statements are CORRECT? [ ]a. transparency.Multiple Select (Select two or more choices) The Universal Declaration of Human Rights states that no one shall be subjected to arbitrary interference with their privacy and correspondence. content of their communications (such as text messages or voice mails). relevancy.0) Current Score: 4. [ ]d. access a user's communication line and eavesdrop the user's voice call. traffic and location logs on the customers' networks.When trouble tickets in the IT system are created or handled.0 23. Answers of examinees:abc Correct answer questionScore:(4.0) Current Score: 4. Regarding protection of end uses' privacy and communication freedom.

[ ]c.0 26. [ ]b.During service project management.Conduct data backup and protect data from viruses.During the network optimization delivery. or fax. [ ]d. the scope of customer reports and network information to be sent must be controlled strictly.Strictly control access permissions to the customer network data. information (such as email.Multiple Select (Select two or more choices) .Before a staff leaves the sensitive area. reserved. official document. [ ]d. [ ]b.Judiciously manage paper documents and storage media or devices that contain customer network data to prevent unauthorized access or data loss. or sprea [ ]e. and maintain permissions regularly.0 25. VIP issue handling. and personnel information) involved in data transfer and maintenance is forbidden to be copied. salary.0) Current Score: 4.Multiple Select (Select two or more choices) Which of the following statements are CORRECT concerning data storage? [ ]a.0) Current Score: 4.During the maintenance. and network optimization in the VIP area must be used in the specified scope. important information such as the system password should be informed by telephone.When the service-layer data in the data center is handled. Answers of examinees:abcd Correct answer questionScore:(4. the customer's personal information and tracing information that involved in VIP experience tracing. the equipment or storage media containing customer data network must be removed or transferred to the local server or other storage media that have management measures. [ ]c. Answers of examinees:acde Correct answer questionScore:(4. encrypted email.

an R&D engineer supports testing onsite.0) Current Score: 4.Transfer of personal data from the European Economic Area (EEA) and other sensitive countries should comply with local laws and regulations.Multiple Select (Select two or more choices) . [ ]b. customer network data (including personal data) of sensitive countries can be transferred back to China to avoid service delay. The customer engineer A assigns the R&D engineer an account and its password.Strictly follow the customer authorized purpose for customer network data transfer operations. [ ]d.0 27. [ ]c. which does not involve cyber security violation. Answers of examinees:bd Correct answer questionScore:(4.Spreading /sharing account and password is a cyber security violation. Answers of examinees:abd Correct answer questionScore:(4.Multiple Select (Select two or more choices) In a testing program. do not transfer customers' network data (including personal data) out of the customers' network. and R&D engineer forwards this account and password to many other customer engineers.Providing account and password information to several customer engineers does not involve cyber security violation.0) Current Score: 4. [ ]c. several top customer managers include Which of the following statements are CORRECT? [ ]a.0 28.The R&D engineer should carefully confirm the customer authorization scope.The R&D engineer accidentally spreads the account and password information.In case of an emergency.Without the customers' consent. Which of the following statements are CORRECT about data transfer? [ ]a. [ ]b. [ ]d.

organization. or damage customers' networks or take advantage of customers' networks to steal or destroy . which of the following statements are CORRECT? [ ]a. organization design. Huawei employees should be aware of and comply with all applicable laws. organization design.During network configurations. [ ]b. the link is disconnecte [ ]d.0) Current Score: 4. or disclose and disseminate customers' data and information. process. Answers of examinees:abcd Correct answer questionScore:(4. possess. without customers' authorization. [ ]c. and procedures ensure that cyber security requirements are effectively implemented rather than remain on paper. The Global Cyber Security Officer (GCSO) and subordinate security organizations support the GCSC to implement the cyber security strategies. After system upgrade and restart. [ ]c. customers’ systems and equipment to collect.Huawei incorporates security goals into the company business processes and implements the company's programmatic documents such as strategies through more specific policies. and develop and/ or distribute viruses. regulations. destroy. policies. [ ]b.Huawei governance. policies. and procedures. customers' operational standards as well as Huawei's internal processes and policies. or modify data and information in customers’ networks and equipment. malware. [ ]d. delete the system startup configuration file by accident. Which of the following activities cannot be tolerated according to the BCG? [ ]a. or backdoors in products.Multiple Select (Select two or more choices) It is Huawei's important social responsibility to support the secure operation of customers' networks and business. deliveries.Do not embed malicious code.Attack.Huawei auditors use the Key Control Points (KCPs) and the global process control manual to ensure that processes are effective and executed.Huawei established the Global Cyber Security Committee (GCSC). and services. consisting of the board members and Global Process Owners (GPOs). Failure to do so may result in disciplinary action within Huawei and may result in civil or even criminal liabilities.0 29.Access. Regarding Huawei cyber security governance. and process documents.

Considering that the customer requirement is urgent. Answers of examinees:ad Correct answer questionScore:(4. [ ]d.0) Current Score: 4.Obtain written authorization from the customer in advance and keep the consent or authorization record.0 30.0 31. or the legal rights and/or interests of other parties.Disclose the function to the customer using product materials and describe the following items explicitly: type of collected and handled data. [ ]b. purpose. personal data from cyber security sensitive countries should not be transferred to other countries or areas including China.0) Current Score: 4. information or commit any activity that endangers national security. the next data receiver (if any). [ ]c. deadline.The collection should comply with the purpose correlation. necessity. Anonyms or pseudonyms shall be used wherever possible. [ ]b. the public interest.According to laws. which of the following requirements shall Huawei comply with? [ ]a. immediately access the customer system for packet capture and troubleshooting. minimum. handling method.Multiple Select (Select two or more choices) To collect and process personal data for the purpose of safeguarding network operation and service. . apply to the customer for approval and obtain the written authorization for accessing the customer system. Answers of examinees:abcd Correct answer questionScore:(4.First. and real-time update principles.Multiple Select (Select two or more choices) Which of the following statements are INCORRECT if engineer Z is asked to resolve packet loss issues on a customer device as soon as possible? [ ]a.

Multiple Select (Select two or more choices) Which of the following statements are CORRECT about on-site cyber security management requirements for employees on business trips? [ ]a.Multiple Select (Select two or more choices) Which of the following statements require customer written authorization in advance? [ ]a. and sign the commitment of cyber security redlines.0 33. The destination department should keep a record of the employee's study. participate in cyber security training. and commitment.During the employee's business trip.0) Current Score: 4.[ ]c.Employee Z has a good relationship with the customer.Check device data [ ]b. test.0 32. pass the cyber security test.Access to the customer network Answers of examinees:abcd Correct answer questionScore:(4. . the destination department should require the employee to study the training materials of cyber security.When an employee on a business trip gets to the destination. Answers of examinees:acd Correct answer questionScore:(4.Collect device data [ ]c.0) Current Score: 4.Modify device data [ ]d. so the employee can access the customer system first and apply for written authorization later. [ ]d. the destination department should regard the employee as its own staff and implement regular cyber security management. [ ]b.Directly access the customer system for processing after contacting the customer for multiple times but failing to obtain any response.

[ ]d.Multiple Select (Select two or more choices) Regarding the description of system account management and assess right control.Service engineer can install internal R&D software tools through directly contact with R&D staff. our employees' work computers will be used.The computers must meet the security requirements and standards. the computer cannot be connected to customer networks and must be scanned to remove the viruses. The software in the work computers must be installed through Huawei iDesk tool or by Huawei IT personnel. [ ]c. our corporation has strict computer configuration and customer network access requirements. can the service engineers load their own software tools onto their laptop? [ ]a. the supervisor of the destination department should bear the management liability if the supervisor did not perform due duties in management or failed to take any measures after knowing the violation.0) Current Score: 4. If the computers cannot be provided by customers.Multiple Select (Select two or more choices) What controls does service engineer put around the use of laptops or engineering technology their engineers carry? For example. If a computer is infected or suspected to be infected by viruses.To protect the customer network and data security. Answers of examinees:abcd Correct answer questionScore:(4. if the employee does not enter the project.If an employee on business trips supports a project. [ ]b. the department with management responsibilities is the project team. [ ]d.We suggest that computers used for maintenance be provided and managed by customers if possible. Answers of examinees:abc Correct answer questionScore:(4.0) Current Score: 4.0 35.0 34.If an employee violates cyber security requirements during the business trip. the department with management responsibilities is the corresponding platform department. which of the following . [ ]c.

statements are CORRECT? [ ]a.Ensure that every employee has a unique user identification and password for his/her use only.Remind the customer to update all the passwords of the device regularly and ensure the complexity of the passwords. [ ]d. [ ]c.Clean up the device accounts regularly and eliminate unused accounts.0 .Remind the customer to conduct necessary limitation to the assess rights and comply with principles of right- and domain-based control and least privilege.0) Current Score: 4. Answers of examinees:abcd Correct answer questionScore:(4. [ ]b.