Cyber Security

Answered by :Ranjhan Yar Total exam score:100.0 Exam score:96.0

1.True or False According to cyber security redlines, do not reserve or use an admin account or other unauthorized accounts after the product has been deployed for commercial use or has been transferred to the maintenance phase. Instead, the network account password must be handed over to the customer who is required to modify the initial password and sign for confirmation.

True

False

Answers of examinees:True Correct answer questionScore:(2.0) Current Score: 2.0

2.True or False The software obtained through official corporate channels means the software obtained after application and approval, or the software delivered with the device.

True

False

Answers of examinees:True Correct answer questionScore:(2.0) Current Score: 2.0

3.True or False When carrying out risky operations on customer devices (such as software upgrade, replacement of important hardware, and network restructuring), you must inform customers in advance and obtain their consent before conducting the operations. The operations must be based on the laboratory or simulated network data.

True

False

Answers of examinees:True Correct answer questionScore:(2.0) Current Score: 2.0

4.True or False When working together at customer sites, team members can share an account to avoid disturbing customers on the premise that the account and password are not disclosed.

True

False

Answers of examinees:False Correct answer questionScore:(2.0) Current Score: 2.0

5.True or False Employees must remove viruses regularly on computers/terminals. The computer or storage media with discovered or suspected viruses must not access the customer network.

True

False

Answers of examinees:True Correct answer questionScore:(2.0) Current Score: 2.0

6.True or False All the change operations on the live network must get "three approvals" (customer approval, approval of the project team, and technical approval).

True

False

Answers of examinees:True Correct answer questionScore:(2.0) Current Score: 2.0

7.True or False When the employee completes his/her missions on the business trip and is ready to leave, relevant departments must require him/her to delete the customer network information in the portable devices or other storage media, and to hand over relevant account information. The departments must also revoke the employee's access right to relevant customer systems or sites and check again. If necessary, inform customers that the employee is about to leave.

True

False

Answers of examinees:True Correct answer questionScore:(2.0) Current Score: 2.0

8.True or False The super user and password must be managed by the customer. If network operations must use the super user for login, you must apply to the customer first and then remind the customer timely to change the password the minute you complete the operation.

True

False

Answers of examinees:True Correct answer questionScore:(2.0) Current Score: 2.0

9.True or False After the field service is finished, clean up all temporary content related to the customer in the process of the service (for example, delete the process data and cancel the login account). If certain temporary content needs to be reserved for the follow-up work, you must obtain the written approval from the customer.

True

False

Answers of examinees:True Correct answer questionScore:(2.0) Current Score: 2.0

10.True or False In training services, to quote customer information, you must edit out the sensitive information in advance or obtain written authorization from the customer.

True

False

Answers of examinees:True Correct answer questionScore:(2.0) Current Score: 2.0

11.Multiple Choice(Select one choice) Regarding virus detection and removal, which of the following statements is CORRECT?

a.Computers at work have already installed antivirus software and are updated and optimized by the IT, so there is no need to scan virus before connecting to customer network.

b.The computer or storage media with discovered or suspected viruses can access the customer network with the permission of the customer.

c.Employees need to scan virus in Full scan mode regularly. The computer or storage media with discovered or suspected viruses must not access the customer network.

d.The cyber security behavior of subcontractor employees is managed by the subcontractor, and Huawei is not accountable if the sub-contractor employees' computer accesses to the customer network without virus scanning.

Answers of examinees:c Correct answer questionScore:(2.0) Current Score: 2.0

12.Multiple Choice(Select one choice) As mentioned in Management Requirements on Cyber Security Baseline, ( ) are the first owners for ensuring cyber security of the related businesses, and ( ) are the first owners for ensuring cyber security of the related processes.

a.Business managers at all levels, process owners at all levels

b.Process owners at all levels, business managers at all levels

c.Business owners, process handlers

d.Process handlers, business owners

Answers of examinees:a Correct answer questionScore:(2.0) Current Score: 2.0

13.Multiple Choice(Select one choice) Which of the following customer authorization methods does not comply with requirements?

a.E-mail

b.Meeting minutes

c.Fax

d.Verbal commitment

e.Service application

Answers of examinees:d Correct answer questionScore:(2.0) Current Score: 2.0

14.Multiple Choice(Select one choice) As to the cyber security management of employees on business trips, which of the following statements is INCORRECT?

a.When an employee on a business trip gets to the destination, the destination department should require the employee to study the training materials of cyber security, and keep the records that the employee participated in cyber security training, passed the cyber security test, and signed the related commitment of cyber security.

b.During the employee's business trip, the destination department should regard the employee as its own staff and implement regular cyber security management.

c.If an employee violates cyber security requirements during the business trip, the supervisor of the destination department should bear the management liability if the supervisor did not perform due duties in management or failed to take any measures after knowing the violation.

d.An employee on business trips still complies with the cyber security management requirements of his/her own original department. He/she does not have to obey the cyber security management requirements of the frontline project team, for example, attend trainings and sign the commitment.

Answers of examinees:d Correct answer questionScore:(2.0) Current Score: 2.0

15.Multiple Choice(Select one choice) Regarding the description of feedback and technical support of cyber security, which of the following statements is INCORRECT?

a.Cyber security feedback is the duty of cyber security teams and not related to normal employees.

b.Firstly seek help from business managers.

c.You can give feedback or seek help from local lawyers and cyber security contacts.

d.If you find that external forums and third party individuals/organizations discovered any security vulnerabilities, send them to the related cyber security office.

Answers of examinees:a Correct answer questionScore:(2.0) Current Score: 2.0

16.Multiple Choice(Select one choice) Send the data that contains personal information in the carrier network to the headquarters for troubleshooting analysis, which of the following statements is INCORRECT?

a.Ask for permission of the carrier and perform the essential procedure according to local laws.

b.When data is transferred to the headquarters, adopt proper organizational and technical measurements to ensure data security.

c.Problem solving is the top priority, so transfer the data as fast as possible.

d.Ask for advice from the manager and cyber security department if you do not know how to deal with it.

Answers of examinees:c Correct answer questionScore:(2.0) Current Score: 2.0

17.Multiple Choice(Select one choice) Regarding the description of on-site service requirements, which of the following statements is INCORRECT?

a.When offering the on-site service, the customer must agree and accompany, and the engineer must use the temporary account and password offered by the customer and must not share with others.

b.Any operation that is of no risk but out of the operation scope approved by the customer can state to the customer after implementation.

c.After the on-site service ends, clean up all temporary work content during the service (for example, delete the process data and cancel the login account). If certain temporary content needs to be reserved for the follow-up work, you must obtain the written approval from the customer.

d.After the on-site service ends, the customer needs to sign in the service report to confirm whether the login password has been changed.

Answers of examinees:b Correct answer questionScore:(2.0) Current Score: 2.0

18.Multiple Choice(Select one choice) In the process of service delivery, which of the following statements about the third-party device is INCORRECT?

a.In the process of service delivery, engineers are prohibited from operating the devices of other vendors in the customer's equipment room (except that Huawei is responsible for the operation UI of other vendors' devices such as a device in a migration project or a management service project, or a supporting devices provided by Huawei).

b.Based on the responsibility matrix, you cannot operate or modify the third-party devices casually.

c.If necessary, the third-party security software can be modified to meet business needs.

d.When migrating the devices of the third-party vendors, you have to handle the devices containing storage media based on the customer's requirements.

Answers of examinees:c Correct answer questionScore:(2.0) Current Score: 2.0

19.Multiple Choice(Select one choice) In the process of service delivery, which of the following behaviors does not violate cyber security?

a.Implant malicious codes, malicious software, and backdoor in the provided product or service, and reserve any undisclosed interface and account.

b.Access the customer system without the customer's written authorization and collect, possess, handle, and modify any data and information of the customer network.

c.Delete and destroy the customer network data after the customer authorization expires.

d.Spread and use the shared account and password without the customer's written authorization.

Answers of examinees:c Correct answer questionScore:(2.0) Current Score: 2.0

20.Multiple Choice(Select one choice) A maintenance engineer uses the login accounts and passwords for the customer network stored in a coworker computer to access the customer network remotely and resolve the issue. After investigation, it is discovered that the login accounts were authorized by the customer six months ago, and the validity period was only 10 days. Which of the following statements is INCORRECT?

a.Strengthen customer authorization management, including the authorization letters, accounts, and passwords.

b.Periodically clear expired customer permissions and remind customers to cancel the expired authorization.

c.Customers rather than Huawei should take the responsibility of management vulnerabilities in access control of the customer network.

d.Discuss with the customer for a solution and authorize login permissions again. Accounts and passwords can be used only by the authorized person and should be expired after the validity period, so that if an issue occurs, the issue can be traced and located.

Answers of examinees:c Correct answer questionScore:(2.0) Current Score: 2.0

21.Multiple Select (Select two or more choices) In the event of a major incident, how is Huawei equipped to ensure that their customers can and will be informed timely and that the right resources are made available within the company to respond to the incident?

a.Huawei adopts the ITR process and iCare system that serves global customers to handle the entire process of all customer events.

b.In case of a major security incident, customers are immediately informed through emails, SMSs, telephone, or face-to-face communication. We also notify management at different levels based on the incident level to muster their support.

c.If a security incident is caused by a vulnerability, this incident will be escalated to Huawei PSIRT and included into the vulnerability response process. Huawei PSIRT assesses all affected products and releases a security advisory (SA) for affected customers.

d.Huawei PSIRT (a role in the IPD process) reports severe security incidents to product line managers and includes the security incident into the enterprise crisis management process. The crisis management workgroup takes part in the process and ensures timely resolution, during which senior managers may review reports on crisis handling and management improvement.

Answers of examinees:abcd Correct answer questionScore:(4.0) Current Score: 4.0

22.Multiple Select (Select two or more choices) Which of the following statements are CORRECT about data transfer?

a.Strictly follow the customer authorized purpose for customer network data transfer operations.

b.Without the customers' consent, do not transfer customers' network data (including personal data) out of the customers' network.

c.In case of an emergency, customer network data (including personal data) of sensitive countries can be transferred back to China to avoid service delay.

d.Transfer of personal data from the European Economic Area (EEA) and other sensitive countries should comply with local laws and regulations.

Answers of examinees:abd Correct answer questionScore:(4.0) Current Score: 4.0

23.Multiple Select (Select two or more choices) Which of the following statements are CORRECT concerning personal data and privacy protection?

a.End users' rights and freedom in processing personal data, especially privacy rights, are protected by laws.

b.Avoid and reduce the use of personal data, anonymize the data or use pseudonyms as much as possible according to local laws.

c.Take appropriate technical and organizational measures to protect personal data and prevent illegal processing of the data in any form.

d.If a person has no intention but violates personal data or privacy, the person is not legally liable.

Answers of examinees:abc Correct answer questionScore:(4.0) Current Score: 4.0

24.Multiple Select (Select two or more choices) In a testing program, an R&D engineer supports testing onsite. The customer engineer A assigns the R&D engineer an account and its password, and the R&D engineer forwards this account and password to many other customer engineers, several top customer managers included. Which of the following statements are CORRECT?

a.Providing account and password information to several customer engineers does not involve cyber security violation.

b.Spreading/sharing account and password is a cyber security violation.

c.The R&D engineer accidentally spreads the account and password information, which does not involve cyber security violation.

d.The R&D engineer should carefully confirm the customer authorization scope.

Answers of examinees:bd Correct answer questionScore:(4.0) Current Score: 4.0

25.Multiple Select (Select two or more choices) Which of the following statements are CORRECT about the usage requirements of tools/software?

a.The tool/software release department needs to complete cyber security redline authentication of physical product lines before the product release. The application scope of the tool/software must be clarified according to the redline testing results during the release.

b.The Support website and the product catalog are legal publication and download platform. All the tools (including the frontline custom tools) must be released on the legal platform. Employees can download software from only the Support website, product catalogs, and use software tools within the specified scope.

c.Employees are forbidden to download/use tool software from other illegal channels, for example download a third-party software from the Internet, or obtain or use R&D tool software from illegal channels.

d.To meet business processing and customer requirements in an emergency, we can download a third-party software from the Internet, but afterwards should report promptly to the tool management department and cyber security office.

Answers of examinees:abc Correct answer questionScore:(4.0) Current Score: 4.0

26.Multiple Select (Select two or more choices) The Universal Declaration of Human Rights states that no one shall be subjected to arbitrary interference with their privacy and correspondence. Many countries have implemented or are planning to implement privacy or personal data protection laws. Protect user privacy and communication freedom. Some employees may come into contact with individuals' personal data, such as end users' telephone number, content of their communications (such as text messages or voice mails), traffic and location logs on the customers' networks. It is universally required by laws that when collecting and processing personal data, one should comply with the principles of fairness, transparency, relevancy, appropriateness, and secure protection. Regarding protection of end users' privacy and communication freedom, which activities cannot be tolerated by our company?

a.Sell user materials, such as user names and phone numbers, obtained from work to others.

b.To locate issues in maintenance, access a user's communication line and eavesdrop the user's voice call.

c.Illegally monitor users' communications and activities or assist in such illegal monitoring.

d.Allow the free flow of unbiased information.

Answers of examinees:abc Correct answer questionScore:(4.0) Current Score: 4.0

27.Multiple Select (Select two or more choices) Which of the following statements are CORRECT concerning data storage?

a.Judiciously manage paper documents and storage media or devices that contain customer network data to prevent unauthorized access or data loss.

b.Strictly control access permissions to the customer network data, and maintain permissions regularly.

c.Conduct data backup and protect data from viruses.

d.Before a staff leaves the sensitive area, the equipment or storage media containing customer data network must be removed or transferred to the local server or other storage media that have management measures.

Answers of examinees:abcd Correct answer questionScore:(4.0) Current Score: 4.0

28.Multiple Select (Select two or more choices) Regarding remote access process management (for sensitive countries), which of the following statements are CORRECT?

a.Before remote access, you must get customer written authorization to specify the authorization scope and time limitation. The operation scheme of remote access should be approved by the project team and experts.

b.During the troubleshooting process, if customer network information collection is needed, you must state the scope, purpose, and security measures to the customer and obtain the customer's written authorization.

c.The software, versions, patches, and licenses installed on the customer network in remote access must be from the official channel of our company, including the support website, formal email, and 3MS case library.

d.After the remote service ends, you should inform the customer to close remote service environment on the device side, including cutting off the remote service connection through the network and terminating the remote service software. You should also remind the customer to change the password used during the remote service.

e.After remote service ends, you should delete the data and information obtained from the customer network in time. If you need to reserve the data, the customer written authorization must be obtained.

f.There must be strict recording of the server use. Every user should record the use information in a written document or IT system.

Answers of examinees:abcd Wrong answer questionScore:(4.0) Current Score: 0.0

29.Multiple Select (Select two or more choices) No one is allowed for any behavior that damages the security of customers' network and information, such as:

a.Without written authorization from the customer, access the customer's network; collect, keep, process, and modify any data and information in the customer's network.

b.Develop, replicate, and spread computer viruses or attack customers' infrastructure, such as the network, in other ways.

c.Use networks to carry out any activities that harm national security and the public interest, steal or destroy others' information and violate others' legal rights.

d.The requirements above apply to relevant suppliers, engineering partners, and consultants.

Answers of examinees:abcd Correct answer questionScore:(4.0) Current Score: 4.0

30.Multiple Select (Select two or more choices) Which of the following statements are CORRECT about on-site cyber security management requirements for employees on business trips?

a.When an employee on a business trip gets to the destination, the destination department should require the employee to study the training materials of cyber security, participate in cyber security training, pass the cyber security test, and sign the commitment of cyber security redlines. The destination department should keep a record of the employee's study, test, and commitment.

b.During the employee's business trip, the destination department should regard the employee as its own staff and implement regular cyber security management.

c.If an employee violates cyber security requirements during the business trip, the supervisor of the destination department should bear the management liability if the supervisor did not perform due duties in management or failed to take any measures after knowing the violation.

d.If an employee on business trips supports a project, the department with management responsibilities is the project team; if the employee does not enter the project, the department with management responsibilities is the corresponding platform department.

Answers of examinees:abcd Correct answer questionScore:(4.0) Current Score: 4.0

31.Multiple Select (Select two or more choices) Which of the following statements require customer written authorization in advance?

a.Check device data

b.Collect device data

c.Modify device data

d.Access to the customer network

Answers of examinees:abcd Correct answer questionScore:(4.0) Current Score: 4.0

32.Multiple Select (Select two or more choices) Regarding Huawei cyber security governance, organization design, policies, and procedures, which of the following statements are CORRECT?

a.Huawei established the Global Cyber Security Committee (GCSC), consisting of the board members and Global Process Owners (GPOs). The Global Cyber Security Officer (GCSO) and subordinate security organizations support the GCSC to implement the cyber security strategies.

b.Huawei incorporates security goals into the company business processes and implements the company's programmatic documents such as strategies through more specific policies, organization, and process documents.

c.Huawei auditors use the Key Control Points (KCPs) and the global process control manual to ensure that processes are effective and executed.

d.Huawei governance, organization design, policies, and procedures ensure that cyber security requirements are effectively implemented rather than remain on paper.

Answers of examinees:abcd Correct answer questionScore:(4.0) Current Score: 4.0

33.Multiple Select (Select two or more choices) Regarding the description of system account management and access right control, which of the following statements are CORRECT?

a.Remind the customer to conduct necessary limitation to the access rights and comply with principles of right- and domain-based control and least privilege.

b.Ensure that every employee has a unique user identification and password for his/her use only.

c.Remind the customer to update all the passwords of the device regularly and ensure the complexity of the passwords.

d.Clean up the device accounts regularly and eliminate unused accounts.

Answers of examinees:abcd Correct answer questionScore:(4.0) Current Score: 4.0

34.Multiple Select (Select two or more choices) To collect and process personal data for the purpose of safeguarding network operation and service, which of the following requirements shall Huawei comply with?

a.Obtain written authorization from the customer in advance and keep the consent or authorization record.

b.Disclose the function to the customer using product materials and describe the following items explicitly: type of collected and handled data, purpose, handling method, deadline, the next data receiver (if any).

c.The collection should comply with the purpose correlation, necessity, minimum, and real-time update principles. Anonyms or pseudonyms shall be used wherever possible.

d.According to laws, personal data from cyber security sensitive countries should not be transferred to other countries or areas including China.

Answers of examinees:abcd Correct answer questionScore:(4.0) Current Score: 4.0

35.Multiple Select (Select two or more choices) Regarding releasing communication materials to the public, which of the following activities are CORRECT?

a.Do not mention technologies and solutions which may lead to misunderstanding regarding user privacy protection, such as DPI (Deep Packet Inspection), location-based service, lawful interception, remote access, and data transfer.

b.Never excerpt users' personal information or customers' network data without customers' written authorization (except public information).

c.Suggest source-code level security testing to customers for competition testing.

d.Do not spread cyber security cases, which may easily cause any misunderstanding about Huawei, such as security baselines and security alarms.

Answers of examinees:abd Correct answer

Answered by :Zahid Hussain Shah Total exam score:100.0 Exam score:94.0

1.True or False A company's responsibility for the customer network and business security assurance surpasses its commercial interests.

True

False

Answers of examinees:True Correct answer questionScore:(2.0) Current Score: 2.0

2.True or False When handling or modifying customers' network data, you must apply to customers for written authorization in advance. However, if the operation does not affect customer network running, there is no need to apply to customers.

True

False

Answers of examinees:False Correct answer questionScore:(2.0) Current Score: 2.0

3.True or False After the field service is finished, clean up all temporary content related to the customer in the process of the service (for example, delete the process data and cancel the login account). If certain temporary content needs to be reserved for the follow-up work, you must obtain the written approval from the customer.

True

False

Answers of examinees:True Correct answer questionScore:(2.0) Current Score: 2.0

4.True or False In training services, to quote customer information, you must edit out the sensitive information in advance or obtain written authorization from the customer.

True

False

Answers of examinees:True Correct answer questionScore:(2.0) Current Score: 2.0

5.True or False The software obtained through official corporate channels means the software obtained after application and approval, or the software delivered with the device.

True

False

Answers of examinees:True Correct answer questionScore:(2.0) Current Score: 2.0

6.True or False When working together at customer sites, team members can share an account to avoid disturbing customers on the premise that the account and password are not disclosed.

True

False

Answers of examinees:False Correct answer questionScore:(2.0) Current Score: 2.0

7.True or False Employees must remove viruses regularly on computers/terminals. The computer or storage media with discovered or suspected viruses must not access the customer network.

True

False

Answers of examinees:True Correct answer questionScore:(2.0) Current Score: 2.0

8.True or False You must first get written authorization from customers before installing any tool or software on the customer network. In case of an emergency such as the customer being not within contact, the temporary software installed on the customer device must be removed the moment you complete the task.

True

False

Answers of examinees:False Correct answer questionScore:(2.0) Current Score: 2.0

9.True or False The grading standard for cyber security violation accountability mainly depends on the consequences caused by violations.

True

False

Answers of examinees:False Correct answer questionScore:(2.0) Current Score: 2.0

10.True or False When carrying out risky operations on customer devices (such as software upgrade, replacement of important hardware, and network restructuring), you must inform customers in advance and obtain their consent before conducting the operations. The operations must be based on the laboratory or simulated network data.

True

False

Answers of examinees:True Correct answer questionScore:(2.0) Current Score: 2.0

11.Multiple Choice(Select one choice) In the process of service delivery, which of the following statements about the third-party device is INCORRECT?

a.In the process of service delivery, engineers are prohibited from operating the devices of other vendors in the customer's equipment room (except that Huawei is responsible for the operation UI of other vendors' devices such as a device in a migration project or a management service project, or a supporting devices provided by Huawei).

b.Based on the responsibility matrix, you cannot operate or modify the third-party devices casually.

c.If necessary, the third-party security software can be modified to meet business needs.

d.When migrating the devices of the third-party vendors, you have to handle the devices containing storage media based on the customer's requirements.

Answers of examinees:c Correct answer questionScore:(2.0) Current Score: 2.0

12.Multiple Choice(Select one choice) A maintenance engineer uses the login accounts and passwords for the customer network stored in a coworker computer to access the customer network remotely and resolve the issue. After investigation, it is discovered that the login accounts were authorized by the customer six months ago, and the validity period was only 10 days. Which of the following statements is INCORRECT?

a.Strengthen customer authorization management, including the authorization letters, accounts, and passwords.

b.Periodically clear expired customer permissions and remind customers to cancel the expired authorization.

c.Customers rather than Huawei should take the responsibility of management vulnerabilities in access control of the customer network.

d.Discuss with the customer for a solution and authorize login permissions again. Accounts and passwords can be used only by the authorized person and should be expired after the validity period, so that if an issue occurs, the issue can be traced and located.

Answers of examinees:c Correct answer questionScore:(2.0) Current Score: 2.0

13.Multiple Choice(Select one choice) Regarding the description of feedback and technical support of cyber security, which of the following statements is INCORRECT?

a.Cyber security feedback is the duty of cyber security teams and not related to normal employees.

b.Firstly seek help from business managers.

c.You can give feedback or seek help from local lawyers and cyber security contacts.

d.If you find that external forums and third party individuals/organizations discovered any security vulnerabilities, send them to the related cyber security office.

Answers of examinees:a Correct answer questionScore:(2.0) Current Score: 2.0

14.Multiple Choice(Select one choice) As mentioned in Management Requirements on Cyber Security Baseline, ( ) are the first owners for ensuring cyber security of the related businesses, and ( ) are the first owners for ensuring cyber security of the related processes. a.Business managers at all levels, process owners at all levels b.Process owners at all levels, business managers at all levels c.Business owners, process handlers d.Process handlers, business owners

Answers of examinees:a Correct answer questionScore:(2.0) Current Score: 2.0

15.Multiple Choice(Select one choice) Regarding data disposal, which of the following statements is INCORRECT? a.Papers containing customer network data must be destructed. b.If changing positions, the employee should recycle or conduct unrecoverable deletion of the customer network data and cancel the corresponding information system access right. c.The customer network data in out-of-service device may not be destructed. d.If devices and storage media are returned from sensitive areas, the contained customer network data must be erased unless the customer asks for reserving.

Answers of examinees:c Correct answer questionScore:(2.0) Current Score: 2.0

16.Multiple Choice(Select one choice) Regarding account password management, which of the following statements does not belong to cyber security violations? a.Reserve an undocumented account in provided products or services. b.Attack and destroy the customers' networks; crack the password of customers' accounts. c.Disclose and disseminate the accounts and passwords of the customers' network. d.Use accounts and passwords with the customers' written authorization.

Answers of examinees:d Correct answer questionScore:(2.0) Current Score: 2.0

17.Multiple Choice(Select one choice) Huawei’s definition of cyber security is to ensure the availability, integrity, confidentiality, traceability, and robustness of ____ based on a legal framework. Additionally, it protects the____ carried therein, and the flow of unbiased information. Cyber security assurance prevents Huawei and its customers from suffering economic and reputation loss, Huawei and the perpetrator from assuming civil, administrative, and even criminal responsibilities, Huawei from being used as an excuse of trading protection, and Huawei from becoming a safety fuse of an international political crisis. a.products and solutions; information of customers’ products and systems b.products, solutions, and services; customers' or users' communication content, personal data, and privacy c.products, solutions, and services; security of customers’ products and systems d.products and services; customers' or users' communication content, personal data, and privacy

Answers of examinees:b Correct answer questionScore:(2.0) Current Score: 2.0

18.Multiple Choice(Select one choice) As to the cyber security management of employees on business trips, which of the following statements is INCORRECT? a.When an employee on a business trip gets to the destination, the destination department should require the employee to study the training materials of cyber security, and keep the records that the employee participated in cyber security training, passed the cyber security test, and signed the related commitment of cyber security. b.During the employee's business trip, the destination department should regard the employee as its own staff and implement regular cyber security management. c.If an employee violates cyber security requirements during the business trip, the supervisor of the destination department should bear the management liability if the supervisor did not perform due duties in management or failed to take any measures after knowing the violation. d.An employee on business trips still complies with the cyber security management requirements of his/her own original department. He/she does not have to obey the cyber security management requirements of the frontline project team, for example, attend trainings and sign the commitment.

Answers of examinees:d Correct answer questionScore:(2.0) Current Score: 2.0

19.Multiple Choice(Select one choice) Which of the following statements about data usage is INCORRECT? a.Use the customer network data within the scope of authorization. Do not use or publish the customer network data in any form for any unauthorized purpose. b.If customers do not put forward clear requirements after the project ends, you can reserve some customer network data on the work computer for external communication and discussion in future. c.If external communication, discussion, or display materials involve customer network data, you must obtain customer authorization or edit out sensitive information, except public data or information. d.If case study or knowledge sharing involves customer network data, you must edit out sensitive information instead of direct use.

Answers of examinees:b Correct answer questionScore:(2.0) Current Score: 2.0

20.Multiple Choice(Select one choice) The GCSO Office/BG Cyber Security Office is responsible for determining the level of the reported cyber security crisis and organizing the establishment of a cyber security crisis management work team. As for core members of the crisis management work team, which of the following statements is INCORRECT? a.The country CSO is the work team leader. b.Manager of BG/BU/Regional Dept./Account Dept./Rep. Office is the work team leader. c.The GCSO/Director of GCSO Office/Director of BG/BU Cyber Security Office is the deputy team leader. d.The Legal Affairs Dept. is the mandatory core member.

Answers of examinees:b Wrong answer questionScore:(2.0) Current Score: 0.0

21.Multiple Select (Select two or more choices) No one is allowed to engage in any behavior that damages the security of customers' network and information, such as: a.Without written authorization from the customer, access the customer's network; collect, keep, process, and modify any data and information in the customer's network. b.Develop, replicate, and spread computer viruses or attack customers’ infrastructure, such as the network, in other ways. c.Use networks to carry out any activities that harm national security and the public interest, steal or destroy others' information and violate others' legal rights. d.The requirements above apply to relevant suppliers, engineering partners, and consultants.

Answers of examinees:abcd Correct answer questionScore:(4.0) Current Score: 4.0

22.Multiple Select (Select two or more choices) Regarding the description of system account management and access right control, which of the following statements are CORRECT? a.Remind the customer to conduct necessary limitation to the access rights and comply with principles of right- and domain-based control and least privilege. b.Ensure that every employee has a unique user identification and password for his/her use only. c.Remind the customer to update all the passwords of the device regularly and ensure the complexity of the passwords. d.Clean up the device accounts regularly and eliminate unused accounts.

Answers of examinees:abcd Correct answer questionScore:(4.0) Current Score: 4.0

23.Multiple Select (Select two or more choices) What controls does the service engineer put around the use of laptops or engineering technology their engineers carry? For example, can the service engineers load their own software tools onto their laptop? a.We suggest that computers used for maintenance be provided and managed by customers if possible. If the computers cannot be provided by customers, our employees' work computers will be used. b.To protect the customer network and data security, our corporation has strict computer configuration and customer network access requirements. The software in the work computers must be installed through Huawei iDesk tool or by Huawei IT personnel. c.The computers must meet the security requirements and standards. If a computer is infected or suspected to be infected by viruses, the computer cannot be connected to customer networks and must be scanned to remove the viruses. d.Service engineers can install internal R&D software tools through direct contact with R&D staff.

Answers of examinees:abc Correct answer questionScore:(4.0) Current Score: 4.0

24.Multiple Select (Select two or more choices) In a testing program, an R&D engineer supports testing onsite. The customer engineer A assigns the R&D engineer an account and its password, and the R&D engineer forwards this account and password to many other customer engineers, several top customer managers included. Which of the following statements are CORRECT? a.Providing account and password information to several customer engineers does not involve cyber security violation. b.Spreading/sharing account and password is a cyber security violation. c.The R&D engineer accidentally spreads the account and password information, which does not involve cyber security violation. d.The R&D engineer should carefully confirm the customer authorization scope.

Answers of examinees:bd Correct answer questionScore:(4.0) Current Score: 4.0

25.Multiple Select (Select two or more choices) Entering or exiting the ( ) must follow management regulations of the customer or related organization. The NOC and RNOC built by Huawei should be customized to fulfill the management regulations required by the customer, and these regulations must be complied with strictly. a.customer's equipment room b.customer's network management center c.customer's office area d.sensitive area (such as government agency and army)

Answers of examinees:abcd Correct answer questionScore:(4.0) Current Score: 4.0

26.Multiple Select (Select two or more choices) Regarding the description of data security and information confidentiality requirements in the service system, which of the following statements are CORRECT? a.When trouble tickets in the IT system are created or handled, do not fill in the customer service account and password. b.During the maintenance, important information such as the system password should be informed by telephone, encrypted email, or fax. c.During the network optimization delivery, the customer's personal information and tracing information that are involved in VIP experience tracing, VIP issue handling, and network optimization in the VIP area must be used in the specified scope. d.When the service-layer data in the data center is handled, information (such as email, official document, salary, and personnel information) involved in data transfer and maintenance is forbidden to be copied, reserved, or spread. e.During service project management, the scope of customer reports and network information to be sent must be controlled strictly.

Answers of examinees:acde Correct answer questionScore:(4.0) Current Score: 4.0

27.Multiple Select (Select two or more choices) Which of the following statements are CORRECT about data transfer? a.Strictly follow the customer authorized purpose for customer network data transfer operations. b.Without the customers' consent, do not transfer customers' network data (including personal data) out of the customers' network. c.In case of an emergency, customer network data (including personal data) of sensitive countries can be transferred back to China to avoid service delay. d.Transfer of personal data from the European Economic Area (EEA) and other sensitive countries should comply with local laws and regulations.

Answers of examinees:abd Correct answer questionScore:(4.0) Current Score: 4.0

28.Multiple Select (Select two or more choices) Which of the following statements are CORRECT about on-site cyber security management requirements for employees on business trips? a.When an employee on a business trip gets to the destination, the destination department should require the employee to study the training materials of cyber security, participate in cyber security training, pass the cyber security test, and sign the commitment of cyber security redlines. The destination department should keep a record of the employee's study, test, and commitment. b.During the employee's business trip, the destination department should regard the employee as its own staff and implement regular cyber security management. c.If an employee violates cyber security requirements during the business trip, the supervisor of the destination department should bear the management liability if the supervisor did not perform due duties in management or failed to take any measures after knowing the violation. d.If an employee on business trips supports a project, the department with management responsibilities is the project team; if the employee does not enter the project, the department with management responsibilities is the corresponding platform department.

Answers of examinees:abcd Correct answer questionScore:(4.0) Current Score: 4.0

29.Multiple Select (Select two or more choices) Which of the following statements are CORRECT concerning data storage? a.Judiciously manage paper documents and storage media or devices that contain customer network data to prevent unauthorized access or data loss. b.Strictly control access permissions to the customer network data, and maintain permissions regularly. c.Conduct data backup and protect data from viruses. d.Before a staff member leaves the sensitive area, the equipment or storage media containing customer network data must be removed or transferred to the local server or other storage media that have management measures.

Answers of examinees:abcd Correct answer questionScore:(4.0) Current Score: 4.0

30.Multiple Select (Select two or more choices) Regarding remote access process management (for sensitive countries), which of the following statements are CORRECT? a.Before remote access, you must get customer written authorization to specify the authorization scope and time limitation. The operation scheme of remote access should be approved by the project team and experts. b.During the troubleshooting process, if customer network information collection is needed, you must state the scope, purpose, and security measures to the customer and obtain the customer's written authorization. c.The software, versions, patches, and licenses installed on the customer network in remote access must be from the official channel of our company, including the support website, formal email, and 3MS case library. d.After the remote service ends, you should inform the customer to close the remote service environment on the device side, including cutting off the remote service connection through the network and terminating the remote service software. You should also remind the customer to change the password used during the remote service. e.After the remote service ends, you should delete the data and information obtained from the customer network in time. If you need to reserve the data, the customer written authorization must be obtained. f.There must be strict recording of the server use. Every user should record the use information in a written document or IT system.

Answers of examinees:abcdef Wrong answer questionScore:(4.0) Current Score: 0.0

31.Multiple Select (Select two or more choices) Which of the following statements are INCORRECT if engineer Z is asked to resolve packet loss issues on a customer device as soon as possible? a.Considering that the customer requirement is urgent, immediately access the customer system for packet capture and troubleshooting. b.First, apply to the customer for approval and obtain the written authorization for accessing the customer system. c.Directly access the customer system for processing after contacting the customer multiple times but failing to obtain any response. d.Employee Z has a good relationship with the customer, so the employee can access the customer system first and apply for written authorization later.

Answers of examinees:acd Correct answer questionScore:(4.0) Current Score: 4.0

32.Multiple Select (Select two or more choices) Which of the following statements require customer written authorization in advance? a.Check device data b.Collect device data c.Modify device data d.Access to the customer network

Answers of examinees:abcd Correct answer questionScore:(4.0) Current Score: 4.0

33.Multiple Select (Select two or more choices) Which of the following statements are CORRECT about the usage requirements of tools/software? a.The tool/software release department needs to complete cyber security redline authentication of physical product lines before the product release. The application scope of the tool/software must be clarified according to the redline testing results during the release. b.The Support website and the product catalog are the legal publication and download platforms. All the tools (including the frontline custom tools) must be released on the legal platform. Employees can download software from only the Support website and product catalogs, and use software tools within the specified scope. c.Employees are forbidden to download/use tool software from other illegal channels, for example, downloading third-party software from the Internet, or obtaining or using R&D tool software from illegal channels. d.To meet business processing and customer requirements in an emergency, we can download third-party software from the Internet, but afterwards should report promptly to the tool management department and cyber security office.

Answers of examinees:abc Correct answer questionScore:(4.0) Current Score: 4.0

34.Multiple Select (Select two or more choices) To collect and process personal data for the purpose of safeguarding network operation and service, which of the following requirements shall Huawei comply with? a.Obtain written authorization from the customer in advance and keep the consent or authorization record. b.Disclose the function to the customer using product materials and describe the following items explicitly: type of collected and handled data, purpose, handling method, deadline, the next data receiver (if any). c.The collection should comply with the purpose correlation, necessity, minimum, and real-time update principles. Anonyms or pseudonyms shall be used wherever possible. d.According to laws, personal data from cyber security sensitive countries should not be transferred to other countries or areas including China.

Answers of examinees:abcd Correct answer questionScore:(4.0) Current Score: 4.0

35.Multiple Select (Select two or more choices) Which of the following statements are CORRECT concerning personal data and privacy protection? a.End users' rights and freedom in processing personal data, especially privacy rights, are protected by laws. b.Avoid and reduce the use of personal data, anonymize the data or use pseudonyms as much as possible according to local laws. c.Take appropriate technical and organizational measures to protect personal data and prevent illegal processing of the data in any form. d.If a person has no intention but violates personal data or privacy, the person is not legally liable.

Answers of examinees:abc Correct answer