UJIAN CYBER SEC - v2

True or False
1. (2Point(s))(True or False) During device commissioning, you can add test account information
and account service functions without the customer‘s permission.
 True
 False
Right Answer:False
My Answer:True
Score:0
2. (2Point(s))(True or False) After an on-site or remote service ends, the customer does not need
to sign in the service report to confirm that the log in password has been changed.
 True
 False
Right Answer:False
My Answer:False
Score:2
3. (2Point(s))(True or False) After an on-site or remote service ends, the customer needs to sign
in the service report to confirm that the log in password has been changed.
 True
 False
Right Answer:True
My Answer:False
Score:0
4. (2Point(s))(True or False) If risky operations (such as software upgrade, important hardware

replacement, and network structure change) are performed on the customer‘s equipment, you
must explain to the customer in written form in advance. The operation can be only performed
with the customer‘s consent. The operations should be based on data from the lab or network
simulation.
 True
 False
Right Answer:True
My Answer:True
Score:2
5. (2Point(s))(True or False) After an on-site service ends, you must clean up all customer-
related temporary work contents (such as intermediate data and login accounts) used in the
service. If certain temporary contents need to be reserved for the follow-up work, you must
obtain a prior written approval from the customer.
 True
 False
Right Answer:True
My Answer:True
Score:2
6. (2Point(s))(True or False) You must obtain customers‘ written authorization before you install
any tools or software on customer networks. In emergency cases, if you cannot get into touch
with customers, you can install temporary software on customers‘ devices and delete it
immediately after the task is completed.
 True
 False
Right Answer:False
My Answer:False
Score:2
7. (2Point(s))(True or False) The criteria for grading cyber security violations are mainly based
on the results caused by the violations.
 True
 False
Right Answer:False
My Answer:False
Score:2
8. (2Point(s))(True or False) During equipment commissioning, test account information and

account service functions cannot be added without the customer‘s permission.
 True
 False
Right Answer:True
My Answer:True
Score:2
9. (2Point(s))(True or False) Cyber security redline requirements: After commercial use or

transfer-to-maintenance, do not retain or use the administrator account or other unauthorized
accounts. Therefore, after the project is transferred to maintenance or commercially used, the
network account password must be handed over to the customer, and the customer needs to
change the initial password and sign for confirmation.
 True
 False
Right Answer:True
My Answer:True
Score:2
10. (2Point(s))(True or False) Before you process or modify data on customer networks or
devices, obtain written authorization from customers. If the operations do not have any impact on
the operating of customer networks and devices, authorization application is not required.
 True
 False
Right Answer:False
My Answer:False
Score:2
Single Choice
11. (3Point(s))(Single choice) Data that contains personal information in carrier networks should
be transferred to Huawei headquarters for troubleshooting. Which of the following actions is
incorrect?
 A.A. Ask for the consent of carriers and perform necessary procedures as required by local
laws.
 B.B. When data is transferred to the headquarters, proper organizational and technical
measurements must be taken to ensure data security.

 C.C. Problem solving is the top priority, and the data should be transferred as fast as
possible.
 D.D. Ask for advice from the manager and cyber security department if you do not know how
to deal with it.
Right Answer:C
My Answer:B
Score:0
12. (3Point(s))(Single choice) Regarding the description of issue feedback and help channels of
cyber security, which of the following statements is incorrect?
 A.A. Cyber security issue feedback is the responsibility of employees in cyber security
positions and is not related to other employees.
 B.B. During project construction, a subcontractor should strictly comply with related product
security specifications. Every inspected subcontractor should actively cooperate in the inspection
and may not refuse or impede the inspection. Any problem found should be solved immediately.
 C.C. If you are uncertain about the construction process, contact the director of the Huawei
project team or contact Huawei project manager to confirm the requirements and then perform the
construction.
 D.D. If a cyber security incident occurs during construction, the subcontractor shall notify the
supervisor of the corresponding Huawei project team immediately or directly contact the project
manager of Huawei.
Right Answer:A
My Answer:A
Score:3
13. (3Point(s))(Single choice) Regarding account and password management, which of the
following is not a cyber security violation?
 A.A. Reserve an undocumented account in provided products or services.
 B.B. Attack and undermine customer networks, or crack customer‘s accounts and passwords.
 C.C. Disclose and disseminate the accounts and passwords of customers‘ networks.
 D.D. Use customers‘ accounts and passwords with their written authorization.
Right Answer:D
My Answer:D
Score:3
14. (3Point(s))(Single choice) Which of the following statements is correct regarding network
security?
 A.A. Before commissioning, you do not need to check whether irrelevant software and files
exist on the device.
 B.B. In the commissioning phase, you can add the test account information and account
service functions to facilitate work without the customer‘s permission.
 C.C. The test account information and balance modification information created during
commissioning can be retained only after the customer requires and signs for confirmation.
 D.D. When you are idle, you can use the customer network to do things irrelevant to your
work, such as playing online games and logging in to irrelevant websites.
Right Answer:C
My Answer:C
Score:3
15. (3Point(s))(Single choice) Which of the following statements about camera shooting or video
recording in the customer office area is correct?
 A.A. Use digital or common cameras to take photos without prior authorization from
customers.
 B.B. Share photos or videos taken with cameras or mobile phone cameras to social
networking sites without prior authorization from customers.
 C.C. Share photos or videos taken with cameras or mobile phone cameras to IM groups
without prior authorization from customers.
 D.D. If a digital or common camera, including any video cameras or mobile phone cameras,
is used on the customer‘s venue, prior authorization must be obtained from the customer.
Right Answer:D
My Answer:D
Score:3
16. (3Point(s))(Single choice) The Cyber Security Baseline Management Requirements mentions
that ____ is the primary responsible owner for cyber security assurance of the corresponding
service network. ____ should be responsible for every action that he/she makes and its
consequences.
 A.A. business directors at all levels; Employees

 B.B. project managers; Employees
 C.C. business directors at all levels; Directors
 D.D. project managers; Employees
Right Answer:A
My Answer:A
Score:3
17. (3Point(s))(Single choice) Which of the following statements is incorrect about data usage?
 A.A. Use data within the scope of authorization. Do not use or disclose the data in any form
for any unauthorized purpose.
 B.B. After a project is completed, you are allowed to store customer network data on your
work computer for reference in future external communication and discussions unless otherwise
required by the customer.
 C.C. You must obtain written authorization or anonymize data if customer network data,
except data from open sources, is involved in external communication, discussion, or demonstration
purposes.
 D.D. Customer network data must be anonymized and cannot be directly used for case study
or knowledge sharing.
Right Answer:B
My Answer:B
Score:3
18. (3Point(s))(Single choice) A maintenance engineer uses the login accounts and passwords for
the customer network stored in a coworkers‘ computer to access the customer network remotely
and resolve an issue. After investigation, it is discovered that the login accounts were authorized
by the customer six months ago, and the validity period was only 10 days. Which of the
following statements is incorrect?
 A.A. Customer authorization management (including authorization letter, accounts, and
passwords) must be strengthened.
 B.B. You must periodically clear expired customer permissions and remind customers to
cancel the expired authorization.
 C.C. Customers rather than Huawei should take the responsibility of management
vulnerabilities in access control of the customer network.

 D.D. Discuss with the customer for a solution and authorize login permissions again.
Accounts and passwords can be used only by the authorized personnel and should be expired after
the validity period, so that if an issue occurs, the issue can be traced and located.
Right Answer:C
My Answer:C
Score:3
19. (3Point(s))(Single choice) Huawei‘s definition of cyber security is to ensure the availability,
integrity, confidentiality, traceability, and robustness of ____ based on a legal framework.
Additionally, it protects the ____ carried therein and the flow of unbiased information. Cyber
security assurance aims to prevent the economic benefits and reputation of Huawei and its
customers from harm. Cyber security protects Huawei‘s employees or the company itself from
bearing civil, administrative liability, or even criminal liability, and avoids cyber security to be
used as an excuse for trade protection, and a fuse that sets off an international political crisis.
 A.A. Products and solutions; information of customers‘ products and systems
 B.B. Products, solutions, and services; customers‘ or users‘ communication content, personal
data, and privacy
 C.C. Products, services, and solutions; security of customers‘ products and systems
 D.D. Products and services; customers‘ or users‘ communication content, personal data, and
privacy
Right Answer:B
My Answer:B
Score:3
20. (3Point(s))(Single choice) Which of the following methods is incorrect for transferring
important information such as system passwords during network maintenance?
 A.A. Face to face communication
 B.B. Communication over the phone
 C.C. Notifying the other party through an encrypted email
 D.D. Faxes
Right Answer:D
My Answer:D
Score:3
Multiple Choice
21. (5Point(s))(Multiple choices) An R&D engineer comes to the site to support a test project.
Customer engineer A authorizes this R&D engineer to assign one set of account and password.
This engineer forwards the account and password to multiple customer engineers and certain
customer executives through email. Which of the following statements are correct?
 A.A. Accounts and passwords are provided to multiple customer engineers. This behavior
does not violate cyber security requirements.
 B.B. Disseminating/Sharing accounts and passwords violates cyber security regulations.
 C.C. The R&D engineer gives away the account and password unintentionally and therefore
does not violate cyber security regulations.
 D.D. The R&D engineer should carefully check the customer authorization scope.
Right Answer:B,D
My Answer:B,D
Score:5
22. (5Point(s))(Multiple choices) Which of the following statements are correct about data
storage?
 A.A. You must properly manage paper documents and storage devices that contain data to
prevent unauthorized access or data loss.
 B.B. You must strictly control access permissions to customer network data and maintain
permissions on a regular basis.
 C.C. You must back up data and protect data from wes.
 D.D. Before leaving a security-sensitive area, you must delete customer network data stored
in devices or storage media being carried or transfer the data to a local server or other storage
media protected with security measures.
Right Answer:A,B,C,D
My Answer:A,B,C,D
Score:5
23. (5Point(s))(Multiple choices) Follow the management regulations of the customer or related
organization when entering or exiting ______. Management rules satisfying customer
requirements must be formulated and implemented for the NOC and RNOC built by Huawei.
 A.A. customer equipment rooms
 B.B. customer network management centers

 C.C. customer office areas
 D.D. sensitive areas including governments and military zones
My Answer:A,B,C,D
Score:5
24. (5Point(s))(Multiple choices) Which of the following information cannot be spread or

disclosed during service delivery?
 A.A. Site location, site equipment configuration, and networking solution
 B.B. IP address, device password, technical specifications, and KPIs
 C.C. Frequency resources, interconnection parameters, and service features
 D.D. Charging information, pipeline information, and terminal user information
My Answer:A,B,C,D
Score:5
usage?
 A.A. Transfer customer network data only for the purposes authorized by the customers.
 B.B. Without customers‘ consent, you are not allowed to transfer customer network data
(including personal data) out of customer networks.
 C.C. To avoid the impact on services in an emergency, you can transfer customer network
data (including personal data) from sensitive countries to China.
 D.D. You can transfer personal data from the European Economic Area (EEA) and a country
sensitive to cyber security issues in compliance with local laws and regulations.
Right Answer:A,B,D
My Answer:A,B,C
Score:0
26. (5Point(s))(Multiple choices) Which of the following statements are correct regarding
subcontractor network security?
 A.A. All new subcontractors concerning cyber security must pass cyber security certification.
 B.B. Cyber security redline is a requirement for Huawei employees and is irrelevant to
subcontractors‘ employees.
 C.C. Subcontractor employees must comply with the customer‘s rules and regulations, obey
the customer‘s management requirements, do not attack or destroy the customer network, and do
not crack the passwords of the customer‘s accounts.
 D.D. Subcontractor employees must not access a customer‘s system and collect, possess,
process, or modify the data and information on the customer network without written permission
from the customer.
Right Answer:A,C,D
My Answer:A,B,C,D
Score:0
27. (5Point(s))(Multiple choices) It is Huawei‘s important social responsibility to support the

secure operation of customers‘ networks and services. Huawei employees should be aware of
and comply with all applicable laws, regulations, customers‘ operational standards as well as
Huawei‘s internal processes and policies. Failure to do so may result in disciplinary action within
Huawei and may result in civil or even criminal liabilities. Which of the following activities are
not tolerated according to the BCG?
 A.A. Without customers‘ authorization, access customers‘ systems and devices to collect,
possess, process, or modify data and information in customers‘ networks and devices, or disclose
and disseminate customers‘ data and information.
 B.B. During product development, delivery, and services, do not embed malicious code,
malware, or backdoors, and do not develop or distribute viruses.
 C.C. During network configurations, delete the system startup configuration file by accident.
After a system upgrade and restart, the link is disconnected.
 D.D. Attack or damage customer networks, use networks to carry out any activities that harm
national security and public interest, steal or destroy information, and undermine others‘ legal rights.
Right Answer:A,D
My Answer:A,D
Score:5
28. (5Point(s))(Multiple choices) The Universal Declaration of Human Rights states that no one
shall be subject to arbitrary interference with their privacy and communications. Many countries
have implemented or are planning to implement privacy or personal data protection laws to
protect user privacy and communication freedom. Some employees may come into contact with
individuals‘ personal data, such as end users‘ phone numbers, communication contents (such as
text messages or voice mails), traffic, and location logs on customers‘ networks. Laws generally
require that personal data be collected and processed in accordance with the principles of
fairness, transparency, relevance, moderation, and security. Regarding protection of end users‘
privacy and communication freedom, which activities are not tolerated by Huawei?
 A.A. Selling the user information obtained in the work, such as the names and mobile
numbers, to others.
 B.B. To locate faults in maintenance, access a user‘s communication line and eavesdrop the
user‘s voice call.
 C.C. Illegally monitor users‘ communications and activities or assist in such illegal monitoring.
 D.D. Allow the free flow of objective information.
Right Answer:A,B,C
My Answer:A,B,C
Score:5
29. (5Point(s))(Multiple choices) Regarding the description of data security and information
confidentiality requirements in a service system, which of the following statements are correct?
 A.A. When creating or handling a trouble ticket in the IT system, do not fill in the customer‘s
user name or password.
 B.B. During the maintenance, important information such as the system password should be
communicated by telephone, encrypted email, or fax.
 C.C. During the network optimization delivery, the customer‘s personal information and
tracing information that involved in VIP experience tracing, VIP issue handling, and network
optimization in the VIP area must be used within the specified scope.
 D.D. During the processing of the service-layer data in the data center, copying, keeping, or
spreading information (such as email, official document, salary, and personnel information) involved
in data transfer and maintenance is prohibited.
 E.E. During managed service projects, the types of customer reports and network information
to be sent and corresponding recipients must be controlled strictly.
Right Answer:A,C,D,E
My Answer:A,C,D,E
Score:5
30. (5Point(s))(Multiple choices) Which of the following behavior that damages the security of
customer network and information are not allowed?
 A.A. Without written authorization from a customer, access the customer network; collect,
possess, process, or modify any data or information in the customer network.
 B.B. Develop, replicate, or spread computer viruses, or attack customers‘ communications
infrastructure, such as networks, in other ways.
 C.C. Use networks to carry out any activities that harm national security or public interest,
steal or destroy others‘ information, or undermine others‘ legal rights.
 D.D. Options A, B, and C also apply to relevant suppliers, engineering partners, and
consultants.
My Answer:A,B,C,D
Score:5
Exam
Exam Detail Report
True or False Single Choice Multiple Choic
Question Count 10 10 10
Score 20 30 50
Score 18 24 50
Personal Information
Account uniportal_andi.kurniawan
Full Name Andi Kurniawan
Department Temp
Job Temp
True or False
1. (2Point(s))(True or False) When team members work together in the customer‘s venue, to
avoid disturbing the customer, the team members can share the accounts under the condition that
the accounts and passwords will not be disclosed.
 True
 False
Right Answer:False
My Answer:False
Score:2

simulation.
 True
 False
Right Answer:True
My Answer:True
Score:2
3. (2Point(s))(True or False) When you are idle, you can use the customer network to do things
irrelevant to your work, such as playing online games and logging in to irrelevant websites.
 True
 False
Right Answer:False
My Answer:False
Score:2
4. (2Point(s))(True or False) You can run unauthorized software on a customer network without
written authorization from Huawei or Huawei client, and can use software versions, patches, or
licenses that are not obtained through official channels.
 True
 False
Right Answer:False
My Answer:False
Score:2
5. (2Point(s))(True or False) Employees should scan and remove viruses on computers/terminals

regularly. The computers or storage media with discovered or suspected viruses must not access
customer networks.
 True
 False
Right Answer:True
My Answer:True
Score:2
 True
 False
Right Answer:False
My Answer:False
Score:2
7. (2Point(s))(True or False) During device commissioning and software upgrade, you must
obtain the software version from a valid channel.
 True
 False
Right Answer:True
My Answer:True
Score:2

 True
 False
Right Answer:True
My Answer:True
Score:2
9. (2Point(s))(True or False) During device commissioning and software upgrade, you can obtain
the software version from unknown channels.
 True
 False
Right Answer:False
My Answer:False
Score:2
 True
 False
Right Answer:True
My Answer:False
Score:0
Single Choice
incorrect?
laws.
possible.
to deal with it.
Right Answer:C
My Answer:A
Score:0
project team or contact Huawei project manager to confirm the requirements and then perform
the construction.
manager of Huawei.
Right Answer:A
My Answer:A
Score:3
security?
Right Answer:C
My Answer:C
Score:3
14. (3Point(s))(Single choice) Which of the following is a non-compliant customer authorization

method?
 A.Emails
 B.Meeting minutes
 C.Faxes
 D.Oral commitments
 E.Service applications
Right Answer:D
My Answer:C
Score:0
 A.A. Papers containing customer network data must be destructed.
 B.B. If an employee changes positions, the employee should recycle or conduct
unrecoverable deletion of the customer network data and cancel the corresponding information
system assess rights.
 C.C. The customer network data in out-of-service devices can remain undamaged.
 D.D. If devices and storage media are returned from sensitive areas, the contained customer
network data must be erased unless the customer asks for reserving.
Right Answer:C
My Answer:C
Score:3
consequences.
Right Answer:A
My Answer:A
Score:3
17. (3Point(s))(Single choice) Which of the following statements about customer authorization is
incorrect?
 A.A. Before viewing device data, you must obtain written authorization from the customer in
advance.
 B.B. Before collecting device data, you must obtain written authorization from the customer in
advance.
 C.C. Before modifying device data, you must obtain written authorization from the customer in
advance.
 D.D. Before access customer networks, you do not need to obtain written authorization from
the customer in advance.
Right Answer:D
My Answer:D
Score:3
18. (3Point(s))(Single choice) Which of the following statements about third-party devices
during service delivery is incorrect?
 A.A. During service delivery, engineers are not allowed to operate devices from other
vendors in the customer‘s equipment room (except when it is an equipment migration project,
when Huawei provides the auxiliary equipment, or when the operation interfaces of the devices
from other vendors belong to Huawei in a managed service project).
 B.B. Responsibilities towards third-party equipment should be fulfilled according to the
responsibility matrix. You are not allowed to operate or change the third-party equipment at will.
 C.C. Third-party security software can be modified to meet service requirements if necessary.
 D.D. If the equipment of a third-party vendor is to be migrated, the equipment that contains
the storage medium must be processed according to the customer requirements.
Right Answer:C
My Answer:C
Score:3
data, and privacy
privacy
Right Answer:B
My Answer:B
Score:3
 D.D. Faxes
Right Answer:D
My Answer:D
Score:3
Multiple Choice
Right Answer:B,D
My Answer:B,D
Score:5
22. (5Point(s))(Multiple choices) Which of the following statements about remote access process
management are correct?
 A.A. Before remote access, the customer‘s authorization in written form must be obtained and
the authorization scope and time limit must be specified. The remote access operation solution
must be approved by the project team and experts.
 B.B. During the fault locating process, if customer network information collection is required,
you must state the scope, purpose, and security measures to the customers and obtain their
written authorization.
 C.C. The software, versions, patches, and licenses installed on the customer network in
remote access must be from official channels of Huawei, including the support website, formal
emails, and the 3MS case library.
 D.D. After the remote service, you should ask the customer to close remote service
environment on the device side, including cutting off the remote service connection and
terminating the remote service software. You should also remind the customer to change the
password used during the remote service.
 E.E. After the remote service, you should delete the data and information obtained from the
customer network in time. If you need to retain the data, the customer written authorization must
be obtained.
 F.F. There must be strict recording of server logins. Every user should record the login
information in a paper document or IT system.
Right Answer:A,B,D,E,F
My Answer:A,B,D,E,F
Score:5
23. (5Point(s))(Multiple choices) Which of the following statements about Huawei‘s cyber
security requirements for subcontractors are correct?
 A.A. Comply with cyber security regulations of the country where you are located.
 B.B. Comply with Huawei‘s delivery process and cyber security requirements.
 C.C. Continuously strengthen cyber security awareness and attend cyber security trainings.
 D.D. Strengthen the self-check of cyber security onsite behavior.
My Answer:A,B,C,D
Score:5
storage?
 C.C. You must back up data and protect data from viruses.
My Answer:A,B,C,D
Score:5

My Answer:A,B,C,D
Score:5
26. (5Point(s))(Multiple choices) Which of the following requirements are true about the use of
tool software?
 A.A. Tool software is certified by product lines for cyber security redline compliance before
being released. The applicable scope of tool software should be specified in release based on the
security redline test results.
 B.B. All tools (including tools customized for the frontline) should be released at and
downloaded from the support website and product catalogs. Employees can only download tool
software from the support website and product catalogs and use it within the required scope.
 C.C. Employees must not download or use tool software from non-official channels, for
example, download or use third-party software from the Internet, or obtain or use tool software
from R&D through non-official channels.
 D.D. In emergency cases, employees can download third-party software from the Internet for
the purposes of service processing and customer requirement satisfaction. However, after that,
they must report to the tool management department and Cyber Security Office.
Right Answer:A,B,C
My Answer:A,B,C
Score:5
27. (5Point(s))(Multiple choices) Regarding the description of system account management and
access right control, which of the following statements are correct?
 A.A. Remind the customer to conduct necessary limitation to the assess rights and comply
with principles of right- and domain-based control and minimum privilege.
 B.B. Ensure that every employee has a unique user identification and password for his/her
use only.
 C.C. Remind the customer to update all the passwords of the device regularly and ensure the
complexity of the passwords.
 D.D. Clean up the device accounts regularly to eliminate abandoned accounts.
My Answer:A,B,C,D
Score:5

national security and public interest, steal or destroy information, and undermine others‘ legal
rights.
Right Answer:A,D
My Answer:A,D
Score:5
spreading information (such as email, official document, salary, and personnel information)
involved in data transfer and maintenance is prohibited.
My Answer:A,C,D,E
Score:5
30. (5Point(s))(Multiple choices) Which of the following are correct about access permission
management when service engineers provide services for customers‘ live network devices?
 A.A. Huawei suggests that the customer provide computers to operate and maintain the
customer network, and these computers are kept and managed by the customer. If the customer
cannot provide a computer, Huawei will provide one.
 B.B. For employees‘ working computers, the company has the installation and configuration
standards for employees‘ office computers. Employees can install software using the Huawei
idesk tool or with the help from Huawei IT personnel. Employees are not allowed to install non-
standard software by themselves.
 C.C. There are security requirements for accessing the customer network by using the
working computer during services. For example, the computer connected to the customer
network must comply with the network security environment requirements and standards of the
customer‘s live network (for example, virus scanning and removal software requirements). If the
computer or storage medium is infected with viruses, it is prohibited to access the customer
network and you must perform virus scanning and removal in a timely manner.
 D.D. The service engineer can contact the R&D personnel to install the software used in the
R&D department on their computers.
Right Answer:A,B,C
My Answer:A,B,C
Score:5
Exam
Exam Detail Report
True or False Single Choice Multiple Choice Subtotal
Question Count 10 10 10 30
Score 20 30 50 100
Score 18 30 50 98
Account uniportal_ptnw0158
Full Name T.Boy Harfiansyah
Department Temp
Job Temp
True or False
1. (2Point(s))(True or False) During device commissioning, you can add test account information and
account service functions without the customer‘s permission.
True False
Right Answer:False
My Answer:False
Score:2
2. (2Point(s))(True or False) After an on-site or remote service ends, the customer does not need to sign
True False
Right Answer:False
My Answer:False
Score:2
3. (2Point(s))(True or False) When team members work together in the customer‘s venue, to avoid
disturbing the customer, the team members can share the accounts under the condition that the
accounts and passwords will not be disclosed.
True False
Right Answer:False
My Answer:False
Score:2
4. (2Point(s))(True or False) After an on-site service ends, you must clean up all customer-related
temporary work contents (such as intermediate data and login accounts) used in the service. If certain
temporary contents need to be reserved for the follow-up work, you must obtain a prior written
approval from the customer.
True False
Right Answer:True
My Answer:True
Score:2
5. (2Point(s))(True or False) The criteria for grading cyber security violations are mainly based on the
results caused by the violations.
True False
Right Answer:False
My Answer:False
Score:2
6. (2Point(s))(True or False) During equipment commissioning, test account information and account
service functions cannot be added without the customer‘s permission.
True False
Right Answer:True
My Answer:False
Score:0
7. (2Point(s))(True or False) During device commissioning and software upgrade, you can obtain the
software version from unknown channels.
True False
Right Answer:False
My Answer:False
Score:2
8. (2Point(s))(True or False) Cyber security redlines are conditionally mandatory requirements. If the
redlines conflict with services, service requirements take precedence.
True False
Right Answer:False
My Answer:False
Score:2
9. (2Point(s))(True or False) Software obtained from official channels includes software obtained from
Huawei‘s platforms after approval and software delivered with products.
True False
Right Answer:True
My Answer:True
Score:2
10. (2Point(s))(True or False) Before you process or modify data on customer networks or devices,
obtain written authorization from customers. If the operations do not have any impact on the operating
of customer networks and devices, authorization application is not required.
True False
Right Answer:False
My Answer:False
Score:2
Single Choice
11. (3Point(s))(Single choice) Regarding virus detection and removal, which of the following statements
is correct?
A.A. Computers at work have already installed antivirus software and have been updated and optimized
by the IT personnel, so there is no need to scan viruses before connecting to customer networks. B.B.
The computer or storage media with discovered or suspected viruses can access the customer network
with the permission of the customer. C.C. Employees should scan and remove viruses regularly in Full
Scan mode. The computers or storage media with discovered or suspected viruses must not access
customer networks. D.D. The cyber security behavior of subcontractor employees is managed by the
subcontractor, and Huawei is not accountable if the subcontractor employees‘ computer accesses to the
customer network without virus scanning.
Right Answer:C
My Answer:C
Score:3
12. (3Point(s))(Single choice) Regarding the description of on-site service requirements, which of the
A.A. When offering on-site services, the customer must agree and accompany, and the engineer must
use the temporary account and password offered by the customer and must not share such information
with others. B.B. Any operation that is of no risk but out of the operation scope approved by the
customer can be clarified to the customer after implementation. C.C. After an on-site service ends, you
must clean up all temporary work contents (such as intermediate data and login accounts) used in the
service. If certain temporary contents need to be reserved for the follow-up work, you must obtain a
prior written approval from the customer. D.D. After an on-site service ends, the customer needs to sign
Right Answer:B
My Answer:B
Score:3
13. (3Point(s))(Single choice) Regarding the description of system account management and access right
control, which of the following statements is incorrect?
A.A. Remind the customer to conduct necessary limitation to the assess rights and comply with
principles of right- and domain-based control and minimum privilege. B.B. For your convenience, you
can use the identity and password of another user to log in to the device for operation. C.C. You must
remind the customer to update all the passwords of the device regularly and ensure the complexity of
the passwords. D.D. You must clean up the device accounts regularly to eliminate abandoned accounts.
Right Answer:B
My Answer:B
Score:3
14. (3Point(s))(Single choice) Regarding account and password management, which of the following is
not a cyber security violation?
A.A. Reserve an undocumented account in provided products or services. B.B. Attack and undermine
customer networks, or crack customer‘s accounts and passwords. C.C. Disclose and disseminate the
accounts and passwords of customers‘ networks. D.D. Use customers‘ accounts and passwords with
their written authorization.
Right Answer:D
My Answer:D
Score:3
15. (3Point(s))(Single choice) The Cyber Security Baseline Management Requirements mentions that __
is the primary responsible owner for cyber security assurance of the corresponding service network. __
should be responsible for every action that he/she makes and its consequences.
A.A. business directors at all levels; Employees B.B. project managers; Employees C.C. business directors
at all levels; Directors D.D. project managers; Employees
Right Answer:A
My Answer:A
Score:3
16. (3Point(s))(Single choice) A maintenance engineer uses the login accounts and passwords for the
customer network stored in a coworkers‘ computer to access the customer network remotely and
resolve an issue. After investigation, it is discovered that the login accounts were authorized by the
customer six months ago, and the validity period was only 10 days.
Which of the following statements is incorrect?
A.A. Customer authorization management (including authorization letter, accounts, and passwords)
must be strengthened. B.B. You must periodically clear expired customer permissions and remind
customers to cancel the expired authorization. C.C. Customers rather than Huawei should take the
responsibility of management vulnerabilities in access control of the customer network. D.D. Discuss
with the customer for a solution and authorize login permissions again. Accounts and passwords can be
used only by the authorized personnel and should be expired after the validity period, so that if an issue
occurs, the issue can be traced and located.
Right Answer:C
My Answer:C
Score:3
17. (3Point(s))(Single choice) Which of the following is a compliant customer authorization method?
A.Telephone calls B.WeChat videos C.Oral commitments D.Emails
Right Answer:D
My Answer:D
Score:3
18. (3Point(s))(Single choice) During service delivery, which of the following statements is not a cyber
security violation?
A.A. Embed malicious code, malware, or backdoors, or reserve an undocumented account in provided
products or services. B.B. Access a customer‘s system and collect, possess, process, or modify the data
and information on the customer network without prior written permission from the customer. C.C.
Upon expiration of a customer‘s authorization, delete or destroy the customer network data. D.D.
Spread and use shared accounts and passwords without the customer‘s written authorization.
Right Answer:C
My Answer:C
Score:3
19. (3Point(s))(Single choice) Which of the following statements about third-party devices during service
delivery is incorrect?
A.A. During service delivery, engineers are not allowed to operate devices from other vendors in the
customer‘s equipment room (except when it is an equipment migration project, when Huawei provides
the auxiliary equipment, or when the operation interfaces of the devices from other vendors belong to
Huawei in a managed service project). B.B. Responsibilities towards third-party equipment should be
fulfilled according to the responsibility matrix. You are not allowed to operate or change the third-party
equipment at will. C.C. Third-party security software can be modified to meet service requirements if
necessary. D.D. If the equipment of a third-party vendor is to be migrated, the equipment that contains
the storage medium must be processed according to the customer requirements.
Right Answer:C
My Answer:C
Score:3
20. (3Point(s))(Single choice) Which of the following statements about network security is correct?
A.A. Copy the user information obtained in the work, such as the names and mobile numbers, to other
irrelevant colleagues. B.B. To locate faults in maintenance, access a user‘s communication line and
eavesdrop the user‘s voice call. C.C. Illegally monitor users‘ communications and activities or assist in
such illegal monitoring. D.D. Allow the free flow of objective information.
Right Answer:D
My Answer:D
Score:3
Multiple Choice
21. (5Point(s))(Multiple choices) In terms of personal data and privacy protection, which of the following
statements are correct?
A.A. End users‘ rights, especially privacy rights, and freedom regarding the processing of personal data
are protected by laws. B.B. We must try to avoid or minimize the use of personal data. Once personal
data is involved, we must by all means use anonyms or pseudonyms according to the requirement of
laws. C.C. Appropriate technical and organizational measures must be taken to protect personal data to
prevent any unauthorized processing. D.D. If a person unintentionally violates personal data or privacy,
the person is not legally liable.
Right Answer:A,B,C
My Answer:A,B,C
Score:5
22. (5Point(s))(Multiple choices) Which of the following statements about remote access process
management are correct?
A.A. Before remote access, the customer‘s authorization in written form must be obtained and the
authorization scope and time limit must be specified. The remote access operation solution must be
approved by the project team and experts. B.B. During the fault locating process, if customer network
information collection is required, you must state the scope, purpose, and security measures to the
customers and obtain their written authorization. C.C. The software, versions, patches, and licenses
installed on the customer network in remote access must be from official channels of Huawei, including
the support website, formal emails, and the 3MS case library. D.D. After the remote service, you should
ask the customer to close remote service environment on the device side, including cutting off the
remote service connection and terminating the remote service software. You should also remind the
customer to change the password used during the remote service. E.E. After the remote service, you
should delete the data and information obtained from the customer network in time. If you need to
retain the data, the customer written authorization must be obtained. F.F. There must be strict
recording of server logins. Every user should record the login information in a paper document or IT
system.
My Answer:A,B,D,E,F
Score:5
23. (5Point(s))(Multiple choices) Which of the following statements are correct regarding subcontractor
network security for service delivery?
A.A. Subcontractor employees can only use software and tools downloaded from support.huawei.com
or software and tools specified in the subcontract. If you have no access to http://support.huawei.com,
contact Huawei engineers to obtain the desired software and tools. B.B. Maintenance subcontractors
must comply with Huawei‘s maintenance operation guide to repair spare parts, delete related
information, and remove storage media and must comply with confidentiality clauses for information
security. C.C. Subcontractor employees must comply with security regulations about management
services of customers and Huawei. D.D. All data collection, transfer, storage, usage, and processing
operations by subcontractor employees on customer networks must be authorized by customers and
Huawei project teams. Do not disclose customer data or use customer data for any purposes other than
the authorized purposes.
My Answer:A,B,C,D
Score:5
24. (5Point(s))(Multiple choices) Which of the following information cannot be spread or disclosed
during service delivery?
A.A. Site location, site equipment configuration, and networking solution B.B. IP address, device
password, technical specifications, and KPIs C.C. Frequency resources, interconnection parameters, and
service features D.D. Charging information, pipeline information, and terminal user information
My Answer:A,B,C,D
Score:5
25. (5Point(s))(Multiple choices) To collect and process personal data for the purpose of safeguarding
network operation and service, which of the following requirements must be observed?
A.A. You must obtain written authorization from the customer in advance and keep the consent or
authorization record. B.B. When disclosing functions to the customer in product documentation,
describe the following items explicitly: type of collected and processed data, purpose, processing
method, retention period, the next data receiver (if any). C.C. The collection must comply with the
purpose (relevance), necessity, minimum amount, and real-time update principles. Anonyms or
pseudonyms should be used wherever possible. D.D. According the law, personal data in cyber security
sensitive countries must not be transferred to other countries or regions, such as China.
My Answer:A,B,C,D
Score:5
26. (5Point(s))(Multiple choices) Which of the following statements are correct about data usage?
A.A. Transfer customer network data only for the purposes authorized by the customers. B.B. Without
customers‘ consent, you are not allowed to transfer customer network data (including personal data)
out of customer networks. C.C. To avoid the impact on services in an emergency, you can transfer
customer network data (including personal data) from sensitive countries to China. D.D. You can transfer
personal data from the European Economic Area (EEA) and a country sensitive to cyber security issues in
compliance with local laws and regulations.
Right Answer:A,B,D
My Answer:A,B,D
Score:5
27. (5Point(s))(Multiple choices) Which of the following requirements are true about the use of tool
software?
A.A. Tool software is certified by product lines for cyber security redline compliance before being
released. The applicable scope of tool software should be specified in release based on the security
redline test results. B.B. All tools (including tools customized for the frontline) should be released at and
software from the support website and product catalogs and use it within the required scope. C.C.
Employees must not download or use tool software from non-official channels, for example, download
or use third-party software from the Internet, or obtain or use tool software from R&D through non-
official channels. D.D. In emergency cases, employees can download third-party software from the
Internet for the purposes of service processing and customer requirement satisfaction. However, after
that, they must report to the tool management department and Cyber Security Office.
Right Answer:A,B,C
My Answer:A,B,C
Score:5
28. (5Point(s))(Multiple choices) Regarding the description of system account management and access
right control, which of the following statements are correct?
A.A. Remind the customer to conduct necessary limitation to the assess rights and comply with
principles of right- and domain-based control and minimum privilege. B.B. Ensure that every employee
has a unique user identification and password for his/her use only. C.C. Remind the customer to update
all the passwords of the device regularly and ensure the complexity of the passwords. D.D. Clean up the
device accounts regularly to eliminate abandoned accounts.
My Answer:A,B,C,D
Score:5
29. (5Point(s))(Multiple choices) The Universal Declaration of Human Rights states that no one shall be
subject to arbitrary interference with their privacy and communications. Many countries have
implemented or are planning to implement privacy or personal data protection laws to protect user
privacy and communication freedom. Some employees may come into contact with individuals‘ personal
data, such as end users‘ phone numbers, communication contents (such as text messages or voice
mails), traffic, and location logs on customers‘ networks. Laws generally require that personal data be
collected and processed in accordance with the principles of fairness, transparency, relevance,
moderation, and security. Regarding protection of end users‘ privacy and communication freedom,
which activities are not tolerated by Huawei?
A.A. Selling the user information obtained in the work, such as the names and mobile numbers, to
others. B.B. To locate faults in maintenance, access a user‘s communication line and eavesdrop the
user‘s voice call. C.C. Illegally monitor users‘ communications and activities or assist in such illegal
monitoring. D.D. Allow the free flow of objective information.
Right Answer:A,B,C
My Answer:A,B,C
Score:5
A.A. Huawei suggests that the customer provide computers to operate and maintain the customer
network, and these computers are kept and managed by the customer. If the customer cannot provide a
computer, Huawei will provide one. B.B. For employees‘ working computers, the company has the
installation and configuration standards for employees‘ office computers. Employees can install software
using the Huawei idesk tool or with the help from Huawei IT personnel. Employees are not allowed to
install non-standard software by themselves. C.C. There are security requirements for accessing the
customer network by using the working computer during services. For example, the computer
connected to the customer network must comply with the network security environment requirements
and standards of the customer‘s live network (for example, virus scanning and removal software
requirements). If the computer or storage medium is infected with viruses, it is prohibited to access the
customer network and you must perform virus scanning and removal in a timely manner. D.D. The
service engineer can contact the R&D personnel to install the software used in the R&D department on
their computers.
Right Answer:A,B,C
My Answer:A,B,C
Score:5
Exam
Exam Detail Report
True or False Single Choice Multiple Choice Subtotal
Question Count 10 10 10 30
Score 20 30 50 100
Score 20 30 50 100
Account uniportal_b-5065783
Full Name aris darsono
Department Temp
Job Temp
True or False
1. (2Point(s))(True or False) During device commissioning, you can add test account
information and account service functions without the customer‘s permission.
 True
 False
Right Answer:False
My Answer:False
Score:2
2. (2Point(s))(True or False) If risky operations (such as software upgrade, important

hardware replacement, and network structure change) are performed on the customer‘s
equipment, you must explain to the customer in written form in advance. The operation
can be only performed with the customer‘s consent. The operations should be based on
data from the lab or network simulation.
 True
 False
Right Answer:True
My Answer:True
Score:2
 True
 False
Right Answer:True
My Answer:True
Score:2
4. (2Point(s))(True or False) You must obtain customers‘ written authorization before you
install any tools or software on customer networks. In emergency cases, if you cannot get
into touch with customers, you can install temporary software on customers‘ devices and
delete it immediately after the task is completed.
 True
 False
Right Answer:False
My Answer:False
Score:2
5. (2Point(s))(True or False) During device commissioning and software upgrade, you must
obtain the software version from a valid channel.
 True
 False
Right Answer:True
My Answer:True
Score:2
6. (2Point(s))(True or False) The criteria for grading cyber security violations are mainly
based on the results caused by the violations.
 True
 False
Right Answer:False
My Answer:False
Score:2
7. (2Point(s))(True or False) During equipment commissioning, test account information

and account service functions cannot be added without the customer‘s permission.
 True
 False
Right Answer:True
My Answer:True
Score:2
8. (2Point(s))(True or False) Cyber security redlines are conditionally mandatory

requirements. If the redlines conflict with services, service requirements take precedence.
 True
 False
Right Answer:False
My Answer:False
Score:2

transfer-to-maintenance, do not retain or use the administrator account or other
unauthorized accounts. Therefore, after the project is transferred to maintenance or
commercially used, the network account password must be handed over to the customer,
and the customer needs to change the initial password and sign for confirmation.
 True
 False
Right Answer:True
My Answer:True
Score:2
10. (2Point(s))(True or False) Software obtained from official channels includes software
obtained from Huawei‘s platforms after approval and software delivered with products.
 True
 False
Right Answer:True
My Answer:True
Score:2
Single Choice
11. (3Point(s))(Single choice) Regarding virus detection and removal, which of the
following statements is correct?
 A.A. Computers at work have already installed antivirus software and have been updated and
optimized by the IT personnel, so there is no need to scan viruses before connecting to customer
networks.
 B.B. The computer or storage media with discovered or suspected viruses can access the
customer network with the permission of the customer.
 C.C. Employees should scan and remove viruses regularly in Full Scan mode. The
computers or storage media with discovered or suspected viruses must not access customer
networks.
 D.D. The cyber security behavior of subcontractor employees is managed by the

subcontractor, and Huawei is not accountable if the subcontractor employees‘ computer
accesses to the customer network without virus scanning.
Right Answer:C
My Answer:C
Score:3
Right Answer:D
My Answer:D
Score:3
13. (3Point(s))(Single choice) Which of the following statements is correct regarding

network security?
Right Answer:C
My Answer:C
Score:3
14. (3Point(s))(Single choice) Which of the following is a non-compliant customer

authorization method?
 A.Emails
 B.Meeting minutes
 C.Faxes
 D.Oral commitments
 E.Service applications
Right Answer:D
My Answer:D
Score:3
15. (3Point(s))(Single choice) Which of the following statements is incorrect about data
usage?
 A.A. Papers containing customer network data must be destructed.

 B.B. If an employee changes positions, the employee should recycle or conduct
unrecoverable deletion of the customer network data and cancel the corresponding information
system assess rights.
 C.C. The customer network data in out-of-service devices can remain undamaged.
 D.D. If devices and storage media are returned from sensitive areas, the contained customer
network data must be erased unless the customer asks for reserving.
Right Answer:C
My Answer:C
Score:3
16. (3Point(s))(Single choice) A maintenance engineer uses the login accounts and
passwords for the customer network stored in a coworkers‘ computer to access the
customer network remotely and resolve an issue. After investigation, it is discovered that
the login accounts were authorized by the customer six months ago, and the validity period
was only 10 days. Which of the following statements is incorrect?

Accounts and passwords can be used only by the authorized personnel and should be expired
after the validity period, so that if an issue occurs, the issue can be traced and located.
Right Answer:C
My Answer:C
Score:3
17. (3Point(s))(Single choice) Which of the following statements about customer

authorization is incorrect?
 A.A. Before viewing device data, you must obtain written authorization from the customer in
advance.
 B.B. Before collecting device data, you must obtain written authorization from the customer in
advance.
 C.C. Before modifying device data, you must obtain written authorization from the customer in
advance.
 D.D. Before access customer networks, you do not need to obtain written authorization from
the customer in advance.
Right Answer:D
My Answer:D
Score:3
18. (3Point(s))(Single choice) Which of the following statements about network security is
correct?
 A.A. Copy the user information obtained in the work, such as the names and mobile numbers,
to other irrelevant colleagues.
Right Answer:D
My Answer:D
Score:3
19. (3Point(s))(Single choice) Huawei‘s definition of cyber security is to ensure the

availability, integrity, confidentiality, traceability, and robustness of ____ based on a legal
framework. Additionally, it protects the ____ carried therein and the flow of unbiased
information. Cyber security assurance aims to prevent the economic benefits and
reputation of Huawei and its customers from harm. Cyber security protects Huawei‘s
employees or the company itself from bearing civil, administrative liability, or even
criminal liability, and avoids cyber security to be used as an excuse for trade protection,
and a fuse that sets off an international political crisis.

data, and privacy
privacy
Right Answer:B
My Answer:B
Score:3
 D.D. Faxes
Right Answer:D
My Answer:D
Score:3
Multiple Choice
21. (5Point(s))(Multiple choices) An R&D engineer comes to the site to support a test
project. Customer engineer A authorizes this R&D engineer to assign one set of account
and password. This engineer forwards the account and password to multiple customer
engineers and certain customer executives through email. Which of the following

Right Answer:B,D
My Answer:B,D
Score:5
22. (5Point(s))(Multiple choices) In terms of personal data and privacy protection, which of
the following statements are correct?
 A.A. End users‘ rights, especially privacy rights, and freedom regarding the processing of
personal data are protected by laws.
 B.B. We must try to avoid or minimize the use of personal data. Once personal data is
involved, we must by all means use anonyms or pseudonyms according to the requirement of
laws.
 C.C. Appropriate technical and organizational measures must be taken to protect personal
data to prevent any unauthorized processing.
 D.D. If a person unintentionally violates personal data or privacy, the person is not legally
liable.
Right Answer:A,B,C
My Answer:A,B,C
Score:5
23. (5Point(s))(Multiple choices) Which of the following statements about remote access
process management are correct?
 A.A. Before remote access, the customer‘s authorization in written form must be obtained and
the authorization scope and time limit must be specified. The remote access operation solution
must be approved by the project team and experts.
 B.B. During the fault locating process, if customer network information collection is required,
you must state the scope, purpose, and security measures to the customers and obtain their
written authorization.
 C.C. The software, versions, patches, and licenses installed on the customer network in
remote access must be from official channels of Huawei, including the support website, formal
emails, and the 3MS case library.
 D.D. After the remote service, you should ask the customer to close remote service
environment on the device side, including cutting off the remote service connection and
terminating the remote service software. You should also remind the customer to change the
password used during the remote service.
 E.E. After the remote service, you should delete the data and information obtained from the
customer network in time. If you need to retain the data, the customer written authorization must
be obtained.
 F.F. There must be strict recording of server logins. Every user should record the login
information in a paper document or IT system.
My Answer:A,B,D,E,F
Score:5
24. (5Point(s))(Multiple choices) Follow the management regulations of the customer or

related organization when entering or exiting ______. Management rules satisfying
customer requirements must be formulated and implemented for the NOC and RNOC
built by Huawei.
My Answer:A,B,C,D
Score:5
25. (5Point(s))(Multiple choices) Which of the following requirements are true about the
use of tool software?
 A.A. Tool software is certified by product lines for cyber security redline compliance before
being released. The applicable scope of tool software should be specified in release based on the
security redline test results.
 B.B. All tools (including tools customized for the frontline) should be released at and
software from the support website and product catalogs and use it within the required scope.
 C.C. Employees must not download or use tool software from non-official channels, for
example, download or use third-party software from the Internet, or obtain or use tool software
from R&D through non-official channels.
 D.D. In emergency cases, employees can download third-party software from the Internet for
the purposes of service processing and customer requirement satisfaction. However, after that,
they must report to the tool management department and Cyber Security Office.
Right Answer:A,B,C
My Answer:A,B,C
Score:5
26. (5Point(s))(Multiple choices) Regarding the description of system account management

and access right control, which of the following statements are correct?
 A.A. Remind the customer to conduct necessary limitation to the assess rights and comply
with principles of right- and domain-based control and minimum privilege.
 B.B. Ensure that every employee has a unique user identification and password for his/her
use only.
 C.C. Remind the customer to update all the passwords of the device regularly and ensure the
complexity of the passwords.
 D.D. Clean up the device accounts regularly to eliminate abandoned accounts.
My Answer:A,B,C,D
Score:5
27. (5Point(s))(Multiple choices) It is Huawei‘s important social responsibility to support

the secure operation of customers‘ networks and services. Huawei employees should be
aware of and comply with all applicable laws, regulations, customers‘ operational
standards as well as Huawei‘s internal processes and policies. Failure to do so may result in
disciplinary action within Huawei and may result in civil or even criminal liabilities. Which
of the following activities are not tolerated according to the BCG?
national security and public interest, steal or destroy information, and undermine others‘ legal
rights.
Right Answer:A,D
My Answer:A,D
Score:5
28. (5Point(s))(Multiple choices) Regarding the description of data security and

information confidentiality requirements in a service system, which of the following
spreading information (such as email, official document, salary, and personnel information)
involved in data transfer and maintenance is prohibited.
My Answer:A,C,D,E
Score:5
 A.A. Huawei suggests that the customer provide computers to operate and maintain the
customer network, and these computers are kept and managed by the customer. If the customer
cannot provide a computer, Huawei will provide one.
 B.B. For employees‘ working computers, the company has the installation and configuration
standards for employees‘ office computers. Employees can install software using the Huawei
idesk tool or with the help from Huawei IT personnel. Employees are not allowed to install non-
standard software by themselves.
 C.C. There are security requirements for accessing the customer network by using the
working computer during services. For example, the computer connected to the customer
network must comply with the network security environment requirements and standards of the
customer‘s live network (for example, virus scanning and removal software requirements). If the
computer or storage medium is infected with viruses, it is prohibited to access the customer
network and you must perform virus scanning and removal in a timely manner.
 D.D. The service engineer can contact the R&D personnel to install the software used in the
R&D department on their computers.
Right Answer:A,B,C
My Answer:A,B,C
Score:5
30. (5Point(s))(Multiple choices) Which of the following behavior that damages the security
of customer network and information are not allowed?

consultants.
My Answer:A,B,C,D
Score:5
True or False
1. (2Point(s))(True or False) During device commissioning, you can add test account information
and account service functions without the customer‘s permission.
 True
 False
Right Answer:False
My Answer:False
Score:2
2. (2Point(s))(True or False) After an on-site or remote service ends, the customer does not need
to sign in the service report to confirm that the log in password has been changed.
 True
 False
Right Answer:False
My Answer:False
Score:2
3. (2Point(s))(True or False) After an on-site or remote service ends, the customer needs to sign
 True
 False
Right Answer:True
My Answer:False
Score:0

simulation.
 True
 False
Right Answer:True
My Answer:True
Score:2
 True
 False
Right Answer:True
My Answer:True
Score:2
 True
 False
Right Answer:False
My Answer:False
Score:2
7. (2Point(s))(True or False) The criteria for grading cyber security violations are mainly based
on the results caused by the violations.
 True
 False
Right Answer:False
My Answer:False
Score:2

 True
 False
Right Answer:True
My Answer:True
Score:2

 True
 False
Right Answer:True
My Answer:True
Score:2
10. (2Point(s))(True or False) Before you process or modify data on customer networks or
devices, obtain written authorization from customers. If the operations do not have any impact on
the operating of customer networks and devices, authorization application is not required.
 True
 False
Right Answer:False
My Answer:False
Score:2
Single Choice
incorrect?
laws.
possible.
to deal with it.
Right Answer:C
My Answer:C
Score:3
project team or contact Huawei project manager to confirm the requirements and then perform the
construction.
manager of Huawei.
Right Answer:A
My Answer:C
Score:0
Right Answer:D
My Answer:D
Score:3
security?
Right Answer:C
My Answer:C
Score:3
15. (3Point(s))(Single choice) Which of the following statements about camera shooting or video
recording in the customer office area is correct?
 A.A. Use digital or common cameras to take photos without prior authorization from
customers.
 B.B. Share photos or videos taken with cameras or mobile phone cameras to social
networking sites without prior authorization from customers.
 C.C. Share photos or videos taken with cameras or mobile phone cameras to IM groups
without prior authorization from customers.
 D.D. If a digital or common camera, including any video cameras or mobile phone cameras,
is used on the customer‘s venue, prior authorization must be obtained from the customer.
Right Answer:D
My Answer:D
Score:3
consequences.
Right Answer:A
My Answer:A
Score:3
 A.A. Use data within the scope of authorization. Do not use or disclose the data in any form
for any unauthorized purpose.
 B.B. After a project is completed, you are allowed to store customer network data on your
work computer for reference in future external communication and discussions unless otherwise
required by the customer.
 C.C. You must obtain written authorization or anonymize data if customer network data,
except data from open sources, is involved in external communication, discussion, or demonstration
purposes.
 D.D. Customer network data must be anonymized and cannot be directly used for case study
or knowledge sharing.
Right Answer:B
My Answer:B
Score:3
18. (3Point(s))(Single choice) A maintenance engineer uses the login accounts and passwords for
the customer network stored in a coworkers‘ computer to access the customer network remotely
and resolve an issue. After investigation, it is discovered that the login accounts were authorized
by the customer six months ago, and the validity period was only 10 days. Which of the
Accounts and passwords can be used only by the authorized personnel and should be expired after
the validity period, so that if an issue occurs, the issue can be traced and located.
Right Answer:C
My Answer:C
Score:3

data, and privacy
privacy
Right Answer:B
My Answer:B
Score:3
 D.D. Faxes
Right Answer:D
My Answer:D
Score:3
Multiple Choice
Right Answer:B,D
My Answer:B,D
Score:5
storage?
 C.C. You must back up data and protect data from viruses.
My Answer:A,B,C,D
Score:5
23. (5Point(s))(Multiple choices) Follow the management regulations of the customer or related
organization when entering or exiting ______. Management rules satisfying customer
requirements must be formulated and implemented for the NOC and RNOC built by Huawei.
My Answer:A,B,C,D
Score:5


My Answer:A,B,C,D
Score:5
usage?
 A.A. Transfer customer network data only for the purposes authorized by the customers.
 B.B. Without customers‘ consent, you are not allowed to transfer customer network data
(including personal data) out of customer networks.
 C.C. To avoid the impact on services in an emergency, you can transfer customer network
data (including personal data) from sensitive countries to China.
 D.D. You can transfer personal data from the European Economic Area (EEA) and a country
sensitive to cyber security issues in compliance with local laws and regulations.
Right Answer:A,B,D
My Answer:A,B,D
Score:5
26. (5Point(s))(Multiple choices) Which of the following statements are correct regarding
subcontractor network security?
 A.A. All new subcontractors concerning cyber security must pass cyber security certification.
 B.B. Cyber security redline is a requirement for Huawei employees and is irrelevant to
subcontractors‘ employees.
 C.C. Subcontractor employees must comply with the customer‘s rules and regulations, obey
the customer‘s management requirements, do not attack or destroy the customer network, and do
not crack the passwords of the customer‘s accounts.
 D.D. Subcontractor employees must not access a customer‘s system and collect, possess,
process, or modify the data and information on the customer network without written permission
from the customer.
Right Answer:A,C,D
My Answer:A,C,D
Score:5
national security and public interest, steal or destroy information, and undermine others‘ legal rights.
Right Answer:A,D
My Answer:A,D
Score:5
28. (5Point(s))(Multiple choices) The Universal Declaration of Human Rights states that no one
shall be subject to arbitrary interference with their privacy and communications. Many countries
have implemented or are planning to implement privacy or personal data protection laws to
protect user privacy and communication freedom. Some employees may come into contact with
individuals‘ personal data, such as end users‘ phone numbers, communication contents (such as
text messages or voice mails), traffic, and location logs on customers‘ networks. Laws generally
require that personal data be collected and processed in accordance with the principles of
fairness, transparency, relevance, moderation, and security. Regarding protection of end users‘
privacy and communication freedom, which activities are not tolerated by Huawei?
 A.A. Selling the user information obtained in the work, such as the names and mobile
numbers, to others.
Right Answer:A,B,C
My Answer:A,B,C
Score:5
spreading information (such as email, official document, salary, and personnel information) involved
in data transfer and maintenance is prohibited.
My Answer:A,C,D,E
Score:5
30. (5Point(s))(Multiple choices) Which of the following behavior that damages the security of
customer network and information are not allowed?
consultants.
My Answer:A,B,C,D
Score:5

UJIAN CYBER SEC - v2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

UJIAN CYBER SEC - v2

Uploaded by

Copyright:

Available Formats

True or False

4. (2Point(s))(True or False) If risky operations (such as software upgrade, important hardware

8. (2Point(s))(True or False) During equipment commissioning, test account information and

9. (2Point(s))(True or False) Cyber security redline requirements: After commercial use or

measurements must be taken to ensure data security.

to deal with it.

positions and is not related to other employees.

 A.A. Reserve an undocumented account in provided products or services.

exist on the device.

service functions to facilitate work without the customer‘s permission.

work, such as playing online games and logging in to irrelevant websites.

networking sites without prior authorization from customers.

without prior authorization from customers.

 A.A. business directors at all levels; Employees

 C.C. business directors at all levels; Directors

 D.D. project managers; Employees

for any unauthorized purpose.

 A.A. Customer authorization management (including authorization letter, accounts, and

passwords) must be strengthened.

cancel the expired authorization.

vulnerabilities in access control of the customer network.

 A.A. Products and solutions; information of customers‘ products and systems

data, and privacy

 A.A. Face to face communication

 B.B. Communication over the phone

 C.C. Notifying the other party through an encrypted email

does not violate cyber security requirements.

 B.B. Disseminating/Sharing accounts and passwords violates cyber security regulations.

does not violate cyber security regulations.

prevent unauthorized access or data loss.

permissions on a regular basis.

 A.A. customer equipment rooms

 B.B. customer network management centers

 D.D. sensitive areas including governments and military zones

24. (5Point(s))(Multiple choices) Which of the following information cannot be spread or

 A.A. Site location, site equipment configuration, and networking solution

 B.B. IP address, device password, technical specifications, and KPIs

 C.C. Frequency resources, interconnection parameters, and service features

 D.D. Charging information, pipeline information, and terminal user information

(including personal data) out of customer networks.

data (including personal data) from sensitive countries to China.

27. (5Point(s))(Multiple choices) It is Huawei‘s important social responsibility to support the

malware, or backdoors, and do not develop or distribute viruses.

After a system upgrade and restart, the link is disconnected.

user‘s voice call.

 D.D. Allow the free flow of objective information.

user name or password.

communicated by telephone, encrypted email, or fax.

to be sent and corresponding recipients must be controlled strictly.

possess, process, or modify any data or information in the customer network.

 B.B. Develop, replicate, or spread computer viruses, or attack customers‘ communications

infrastructure, such as networks, in other ways.

steal or destroy others‘ information, or undermine others‘ legal rights.

True or False Single Choice Multiple Choic

Full Name Andi Kurniawan

2. (2Point(s))(True or False) If risky operations (such as software upgrade, important hardware

5. (2Point(s))(True or False) Employees should scan and remove viruses on computers/terminals

8. (2Point(s))(True or False) During equipment commissioning, test account information and

measurements must be taken to ensure data security.

to deal with it.

positions and is not related to other employees.

exist on the device.

service functions to facilitate work without the customer‘s permission.