Cyber 2

Show question answer Page 1 of 14
Paper Cyber Security Service Work Certificate English
Answered by :WX537422 Total exam score:100.0 Exam score:82.0
1.True or False
According to cyber security redlines, do not reserve or use an admin account or other unauthorized accounts after the
product has been deployed for commercial use or has been transferred to the maintenance phase. Instead, the network
account password must be handed over to the customer who is required to modify the initial password and sign for
confirmation.
True False
Answers of examinees：True Correct answer
questionScore:(2.0) Current Score: 2.0
2.True or False
The cyber security redlines are conditional requirements, and must give top priority to business needs when it conflicts with
the business.
True False
Answers of examinees：True Wrong answer
3.True or False
When handling or modifying customers' network data, you must apply to customers for written authorization in advance.
However, if the operation does not affect customer network running, there is no need to apply to customers.
True False
Answers of examinees：False Correct answer
4.True or False
Employees must remove viruses regularly on computers/terminals. The computer or storage media with discovered or
suspected viruses must not access the customer network.
True False
http://ilearning.huawei.com/exam/usermain/paper/userpaper.viewuserhispaperqueslist.flow... 1/19/2018
5.True or False
When working together at customer sites, team members can share an account to avoid disturbing customers on the
premise that the account and password are not disclosed.
True False
Answers of examinees：True Wrong answer
6.True or False
You must first get written authorization from customers before installing any tool or software on the customer network. In
case of an emergency such as the customer being not within contact, the temporary software installed on the customer
device must be removed the moment you complete the task.
True False
Answers of examinees：False Correct answer
7.True or False
The super user and password must be managed by the customer. If network operations must use the super user for login,
you must apply to the customer first and then remind the customer timely to change the password the minute you complete
the operation.
True False
8.True or False
A company's responsibility for the customer network and business security assurance surpasses its commercial interests.
True False
9.True or False
The software obtained through official corporate channels means the software obtained after application and approval, or
the software delivered with the device.
True False
10.True or False
In training services, to quote customer information, you must edit out the sensitive information in advance or obtain written
authorization from the customer.
True False
11.Multiple Choice(Select one choice)

Send the data that contains personal information in the carrier network to the headquarters for troubleshooting analysis,
which of the following statements is INCORRECT?
a.Ask for permission of the carrier and perform the essential procedure according to local laws.
b.When data is transferred to the headquarters, adopt proper organizational and technical measurements to ensure
data security.
c.Problem solving is the top priority, so transfer the data as fast as possible.
d.Ask for advice from the manager and cyber security department if you do not know how to deal with it.
Answers of examinees：c Correct answer

Which of the following statements about data usage is INCORRECT?
a.Use the customer network data within the scope of authorization. Do not use or publish the customer network data in
any form for any unauthorized purpose.
b.If customers do not put forward clear requirements after the project ends, you can reserve some customer network
data on the work computer for external communication and discussion in future.
c.If external communication, discussion, or display materials involve customer network data, you must obtain customer
authorization or edit out sensitive information, except public data or information.
d.If case study or knowledge sharing involves customer network data, you must edit out sensitive information instead of
direct use.
Answers of examinees：b Correct answer

Which of the following customer authorization methods does not comply with requirements?
a.E-mail
b.Meeting minutes
c.Fax
d.Verbal commitment
e.Service application
Answers of examinees：d Correct answer
Regarding data disposal, which of the following statements is INCORRECT?
a.Papers containing customer network data must be destructed.
b.If changing positions, the employee should recycle or conduct unrecoverable deletion of the customer network data
and cancel the corresponding information system assess right.
c.The customer network data in out-of-service device may not be destructed.
d.If devices and storage media are returned from sensitive areas, the contained customer network data must be erased
unless the customer asks for reserving.
Answers of examinees：c Correct answer

Huawei’s definition of cyber security is to ensure the availability, integrity, confidentiality, traceability, and robustness of
____ based on a legal framework. Additionally, it protects the____ carried therein, and the flow of unbiased information.
Cyber security assurance prevents Huawei and its customers from suffering economic and reputation loss, Huawei and the
perpetrator from assuming civil, administrative, and even criminal responsibilities, Huawei from being used as an excuse of
trading protection, and Huawei from becoming a safety fuse of an international political crisis.
a.products and solutions information of customers’ products and systems
b.products, solutions, and services customers' or users' communication content, personal data, and privacy
c.products, solutions, and services security of customers’ products and systems
d.products and services customers' or users' communication content, personal data, and privacy
Answers of examinees：b Correct answer

As mentioned in Management Requirements on Cyber Security Baseline, ( ) are the first owners for ensuring cyber security
of the related businesses, and ( ) are the first owners for ensuring cyber security of the related processes.
a.Business managers at all levels, process owners at all levels
b.Process owners at all levels, business managers at all levels
c.Business owners, process handlers
d.Process handlers, business owners
Answers of examinees：a Correct answer
Regarding account password management, which of the following statements does not belong to cyber security violations?
a.Reserve an undocumented account in provided products or services.
b.Attack and destroy the customers' networks; crack the password of customers' accounts.
c.Disclose and disseminate the accounts and passwords of the customers' network.
d.Use accounts and passwords with the customers' written authorization.
Answers of examinees：d Correct answer

Regarding the description of on-site service requirements, which of the following statements is INCORRECT?
a.When offering the on-site service, the customer must agree and accompany, and the engineer must use the
temporary account and password offered by the customer and must not share with others.
b.Any operation that is of no risk but out of the operation scope approved by the customer can state to the customer
after implementation.
c.After the on-site service ends, clean up all temporary work content during the service(for example, delete the process
data and cancel the login account). If certain temporary content needs to be reserved for the follow-up work, you must
obtain the written approval from the customer.
d.After the on-site service ends, the customer needs to sign in the service report to confirm whether the login password
has been changed.
Answers of examinees：d Wrong answer
The GCSO Office/BG Cyber Security Office is responsible for determining the level of the reported cyber security crisis and
organizing the establishment of a cyber security crisis management work team. As for core members of the crisis
management work team, which of the following statements is INCORRECT?
a.The country CSO is the work team leader.
b.Manager of BG/BU/Regional Dept./Account Dept./Rep. Office is the work team leader.
c.The GCSO/Director of GCSO Office/Director of BG/BU Cyber Security Office is the deputy team leader.
d.The Legal Affairs Dept. is the mandatory core member.
Answers of examinees：c Wrong answer

A maintenance engineer uses the login accounts and passwords for the customer network stored in a coworker computer to
access the customer network remotely and resolve the issue. After investigation, it is discovered that the login accounts
were authorized by the customer six months ago, and the validity period was only 10 days.Which of the following
statements is INCORRECT?
a.Strengthen customer authorization management, including the authorization letters, accounts, and passwords.
b.Periodically clear expired customer permissions and remind customers to cancel the expired authorization.
c.Customers rather than Huawei should take the responsibility of management vulnerabilities in access control of the
customer network.
d.Discuss with the customer for a solution and authorize login permissions again. Accounts and passwords can be used
only by the authorized person and should be expired after the validity period, so that if an issue occurs, the issue can be
traced and located.
Answers of examinees：b Wrong answer
21.Multiple Select (Select two or more choices)
Which of the following statements are CORRECT concerning data storage?
a.Judiciously manage paper documents and storage media or devices that contain customer network data to prevent
unauthorized access or data loss.
b.Strictly control access permissions to the customer network data, and maintain permissions regularly.
c.Conduct data backup and protect data from viruses.
d.Before a staff leaves the sensitive area, the equipment or storage media containing customer data network must be
removed or transferred to the local server or other storage media that have management measures.
Answers of examinees：abcd Correct answer

Which of the following statements are INCORRECT if engineer Z is asked to resolve packet loss issues on a customer
device as soon as possible?
a.Considering that the customer requirement is urgent, immediately access the customer system for packet capture and
troubleshooting.
b.First, apply to the customer for approval and obtain the written authorization for accessing the customer system.
c.Directly access the customer system for processing after contacting the customer for multiple times but failing to
obtain any response.
d.Employee Z has a good relationship with the customer, so the employee can access the customer system first and
apply for written authorization later.
Answers of examinees：acd Correct answer

In a testing program, an R&D engineer supports testing onsite. The customer engineer A assigns the R&D engineer an
account and its password, and R&D engineer forwards this account and password to many other customer engineers,
several top customer managers include Which of the following statements are CORRECT?
a.Providing account and password information to several customer engineers does not involve cyber security violation.
b.Spreading /sharing account and password is a cyber security violation.
c.The R&D engineer accidentally spreads the account and password information, which does not involve cyber security
violation.
d.The R&D engineer should carefully confirm the customer authorization scope.
Answers of examinees：bd Correct answer
No one is allowed for any behavior that damages the security of customers' network and information, such as:
a.Without written authorization from the customer, access the customer's network; collect, keep, process, and modify
any data and information in the customer's network.
b.Develop, replicate, and spread computer viruses or attack customers’ infrastructure, such as the network, in other
ways.
c.Use networks to carry out any activities that harm national security and the public interest, steal or destroy others'
information and violate others' legal rights.
d.The requirements above apply to relevant suppliers, engineering partners, and consultants.

The Universal Declaration of Human Rights states that no one shall be subjected to arbitrary interference with their privacy
and correspondence. Many countries have implemented or are planning to implement privacy or personal data protection
laws. Protect user privacy and communication freedom. Some employees may come into contact with individuals' personal
data, such as end users' telephone number, content of their communications (such as text messages or voice mails), traffic
and location logs on the customers' networks. It is universally required by laws that when collecting and processing personal
data, one should comply with the principles of fairness, transparency, relevancy, appropriateness, and secure protection.
Regarding protection of end uses' privacy and communication freedom, which activities cannot be tolerated by our
company?
a.Sell user materials, such as user names and phone numbers, obtained from work to others.
b.To locate issues in maintenance, access a user's communication line and eavesdrop the user's voice call.
c.Illegally monitor users' communications and activities or assist in such illegal monitoring.
d.Allow the free flow of unbiased information.
Answers of examinees：abc Correct answer
It is Huawei's important social responsibility to support the secure operation of customers' networks and business. Huawei
employees should be aware of and comply with all applicable laws, regulations, customers' operational standards as well as
Huawei's internal processes and policies. Failure to do so may result in disciplinary action within Huawei and may result in
civil or even criminal liabilities. Which of the following activities cannot be tolerated according to the BCG?
a.Access, without customers' authorization, customers’ systems and equipment to collect, possess, process, or modify
data and information in customers’ networks and equipment, or disclose and disseminate customers' data and information.
b.Do not embed malicious code, malware, or backdoors in products, deliveries, and services, and develop and/ or
distribute viruses.
c.During network configurations, delete the system startup configuration file by accident. After system upgrade and
restart, the link is disconnecte
d.Attack, destroy, or damage customers' networks or take advantage of customers' networks to steal or destroy
information or commit any activity that endangers national security, the public interest, or the legal rights and/or interests of
other parties.
Answers of examinees：abd Wrong answer

Regarding Huawei cyber security governance, organization design, policies, and procedures, which of the following
statements are CORRECT?
a.Huawei established the Global Cyber Security Committee (GCSC), consisting of the board members and Global
Process Owners (GPOs). The Global Cyber Security Officer (GCSO) and subordinate security organizations support the
GCSC to implement the cyber security strategies.
b.Huawei incorporates security goals into the company business processes and implements the company's
programmatic documents such as strategies through more specific policies, organization, and process documents.
c.Huawei auditors use the Key Control Points (KCPs) and the global process control manual to ensure that processes
are effective and executed.
d.Huawei governance, organization design, policies, and procedures ensure that cyber security requirements are
effectively implemented rather than remain on paper.
To collect and process personal data for the purpose of safeguarding network operation and service, which of the following
requirements shall Huawei comply with?
a.Obtain written authorization from the customer in advance and keep the consent or authorization record.
b.Disclose the function to the customer using product materials and describe the following items explicitly: type of
collected and handled data, purpose, handling method, deadline, the next data receiver (if any).
c.The collection should comply with the purpose correlation, necessity, minimum, and real-time update principles.
Anonyms or pseudonyms shall be used wherever possible.
d.According to laws, personal data from cyber security sensitive countries should not be transferred to other countries or
areas including China.

Regarding releasing communication materials to the public, which of the following activities are CORRECT?
a.Do not mention technologies and solutions which may lead to misunderstanding regarding user privacy protection,
such as DPI(Deep Packet Inspection), location-based service, lawful interception, remote access, and data transfer.
b.Never excerpt users' personal information or customers' network data without customers' written authorization (except
public information).
c.Suggest source-code level security testing to customers for competition testing.
d.Do not spread cyber security cases, which may easily cause any misunderstanding about Huawei, such as security
baselines and security alarms.
Answers of examinees：abd Correct answer
Which of the following statements are CORRECT about data transfer?
a.Strictly follow the customer authorized purpose for customer network data transfer operations.
b.Without the customers' consent, do not transfer customers' network data (including personal data) out of the
customers' network.
c.In case of an emergency, customer network data (including personal data) of sensitive countries can be transferred
back to China to avoid service delay.
d.Transfer of personal data from the European Economic Area (EEA) and other sensitive countries should comply with
local laws and regulations.
Answers of examinees：abd Correct answer

Which of the following statements are CORRECT about on-site cyber security management requirements for employees on
business trips?
a.When an employee on a business trip gets to the destination, the destination department should require the employee
to study the training materials of cyber security, participate in cyber security training, pass the cyber security test, and sign
the commitment of cyber security redlines. The destination department should keep a record of the employee's study, test,
and commitment.
b.During the employee's business trip, the destination department should regard the employee as its own staff and
implement regular cyber security management.
c.If an employee violates cyber security requirements during the business trip, the supervisor of the destination
department should bear the management liability if the supervisor did not perform due duties in management or failed to
take any measures after knowing the violation.
d.If an employee on business trips supports a project, the department with management responsibilities is the project
team; if the employee does not enter the project, the department with management responsibilities is the corresponding
platform department.
In the event of a major incident, how is Huawei equipped to ensure that their customers can and will be informed timely and
that the right resources are made available within the company to respond to the incident?
a.Huawei adopts the ITR process and iCare system that serves global customers to handle the entire process of all
customer events.
b.In case of a major security incident, customers are immediately informed through emails, SMSs, telephone, or face-to-
face communication. We also notify management at different levels based on the incident level to muster their support.
c.If a security incident is caused by a vulnerability, this incident will be escalated to Huawei PSIRT and included into the
vulnerability response process. Huawei PSIRT assesses all affected products and releases a security advisory (SA) for
affected customers.
d.Huawei PSIRT (a role in the IPD process) reports severe security incidents to product line managers and includes the
security incident into the enterprise crisis management process. The crisis management workgroup takes part in the
process and ensures timely resolution, during which senior managers may review reports on crisis handling and
management improvement.

Which of the following statements are CORRECT about the usage requirements of tools/software?
a.The tool/software release department needs to complete cyber security redline authentication of physical product lines
before the product release. The application scope of the tool/software must be clarified according to the redline testing
results during the release.
b.The Support website and the product catalog are legal publication and download platform. All the tools (including the
frontline custom tools) must be released on the legal platform. Employees can download software from only the Support
website, product catalogs, and use software tools within the specified scope.
c.Employees are forbidden to download/use tool software from other illegal channels, for example download a third-
party software from the Internet, or obtain or use R&D tool software from illegal channels.
d.To meet business processing and customer requirements in an emergency, we can download a third-party software
from the Internet, but afterwards should report promptly to the tool management department and cyber security office.
Regarding remote access process management (for sensitive countries), which of the following statements are CORRECT?
a.Before remote access, you must get customer written authorization to specify the authorization scope and time
limitation. The operation scheme of remote access should be approved by the project team and experts.
b.During the troubleshooting process, if customer network information collection is needed, you must state the scope,
purpose, and security measures to the customer and obtain the customer's written authorization.
c.The software, versions, patches, and licenses installed on the customer network in remote access must be from the
official channel of our company, including the support website, formal email, and 3MS case library.
d.After the remote service ends, you should inform the customer to close remote service environment on the device
side, including cutting off the remote service connection through the network and terminating the remote service software.
You should also remind the customer to change the password used during the remote service.
e.After remote service ends, you should delete the data and information obtained from the customer network in time. If
you need to reserve the data, the customer written authorization must be obtained.
f.There must be strict recording of the server use. Every user should record the use information in a written document or
IT system.
Answers of examinees：abcdef Wrong answer

What controls does service engineer put around the use of laptops or engineering technology their engineers carry? For
example, can the service engineers load their own software tools onto their laptop?
a.We suggest that computers used for maintenance be provided and managed by customers if possible. If the
computers cannot be provided by customers, our employees' work computers will be used.
b.To protect the customer network and data security, our corporation has strict computer configuration and customer
network access requirements. The software in the work computers must be installed through Huawei iDesk tool or by
Huawei IT personnel.
c.The computers must meet the security requirements and standards. If a computer is infected or suspected to be
infected by viruses, the computer cannot be connected to customer networks and must be scanned to remove the viruses.
d.Service engineer can install internal R&D software tools through directly contact with R&D staff.
close

Cyber 2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cyber 2

Uploaded by

Copyright:

Available Formats

Show question answer Page 1 of 14

Paper Cyber Security Service Work Certificate English

Answered by :WX537422 Total exam score:100.0 Exam score:82.0

Answers of examinees：True Correct answer

questionScore:(2.0) Current Score: 2.0

Answers of examinees：True Wrong answer

questionScore:(2.0) Current Score: 0.0

Answers of examinees：False Correct answer

questionScore:(2.0) Current Score: 2.0

Answers of examinees：True Correct answer

questionScore:(2.0) Current Score: 2.0

Answers of examinees：True Wrong answer

questionScore:(2.0) Current Score: 0.0

Answers of examinees：False Correct answer

questionScore:(2.0) Current Score: 2.0

Answers of examinees：True Correct answer

questionScore:(2.0) Current Score: 2.0

Answers of examinees：True Correct answer

questionScore:(2.0) Current Score: 2.0

Answers of examinees：True Correct answer

questionScore:(2.0) Current Score: 2.0

Answers of examinees：True Correct answer

questionScore:(2.0) Current Score: 2.0

11.Multiple Choice(Select one choice)

Answers of examinees：c Correct answer

questionScore:(2.0) Current Score: 2.0

12.Multiple Choice(Select one choice)

Answers of examinees：b Correct answer

questionScore:(2.0) Current Score: 2.0

13.Multiple Choice(Select one choice)

Answers of examinees：d Correct answer

questionScore:(2.0) Current Score: 2.0

14.Multiple Choice(Select one choice)

Regarding data disposal, which of the following statements is INCORRECT?

a.Papers containing customer network data must be destructed.

c.The customer network data in out-of-service device may not be destructed.

Answers of examinees：c Correct answer

questionScore:(2.0) Current Score: 2.0

15.Multiple Choice(Select one choice)

a.products and solutions information of customers’ products and systems

c.products, solutions, and services security of customers’ products and systems

Answers of examinees：b Correct answer

questionScore:(2.0) Current Score: 2.0

16.Multiple Choice(Select one choice)

a.Business managers at all levels, process owners at all levels

b.Process owners at all levels, business managers at all levels

c.Business owners, process handlers

d.Process handlers, business owners

Answers of examinees：a Correct answer

questionScore:(2.0) Current Score: 2.0

17.Multiple Choice(Select one choice)

a.Reserve an undocumented account in provided products or services.

d.Use accounts and passwords with the customers' written authorization.

Answers of examinees：d Correct answer

questionScore:(2.0) Current Score: 2.0

18.Multiple Choice(Select one choice)

Answers of examinees：d Wrong answer

questionScore:(2.0) Current Score: 0.0

19.Multiple Choice(Select one choice)

a.The country CSO is the work team leader.

b.Manager of BG/BU/Regional Dept./Account Dept./Rep. Office is the work team leader.

d.The Legal Affairs Dept. is the mandatory core member.

Answers of examinees：c Wrong answer