
Paper Cyber Security Service Work Certificate English

Answered by :WX489269 Total exam score:100.0 Exam score:100.0

1.True or False

In training services, to quote customer information, you must edit out
the sensitive information in advance or obtain written authorization
from the customer.

True False

Answers of examinees:True Correct answer


questionScore:(2.0) Current Score: 2.0

2.True or False

When handling or modifying customers' network data, you must apply to
customers for written authorization in advance. However, if the
operation does not affect customer network running, there is no need to
apply to customers.

True False

Answers of examinees:False Correct answer


questionScore:(2.0) Current Score: 2.0

3.True or False

A company's responsibility for the customer network and business
security assurance surpasses its commercial interests.

True False

Answers of examinees:True Correct answer


questionScore:(2.0) Current Score: 2.0

4.True or False

The super user and password must be managed by the customer. If network
operations must use the super user for login, you must apply to the
customer first and then remind the customer timely to change the
password the minute you complete the operation.

True False

Answers of examinees:True Correct answer


questionScore:(2.0) Current Score: 2.0

5.True or False

All the change operations on the live network must get "three approvals"
(customer approval, approval of the project team, and technical
approval).

True False

Answers of examinees:True Correct answer


questionScore:(2.0) Current Score: 2.0

6.True or False

When carrying out risky operations on customer devices (such as software
upgrade, replacement of important hardware, and network restructuring),
you must inform customers in advance and obtain their consent before
conducting the operations. The operations must be based on the
laboratory or simulated network data.

True False

Answers of examinees:True Correct answer


questionScore:(2.0) Current Score: 2.0

7.True or False

The cyber security redlines are conditional requirements, and must give
top priority to business needs when it conflicts with the business.

True False

Answers of examinees:False Correct answer


questionScore:(2.0) Current Score: 2.0

8.True or False

The grading standard for cyber security violation accountability mainly
depends on the consequences caused by violations.

True False

Answers of examinees:False Correct answer


questionScore:(2.0) Current Score: 2.0

9.True or False

When working together at customer sites, team members can share an
account to avoid disturbing customers on the premise that the account
and password are not disclosed.

True False

Answers of examinees:False Correct answer


questionScore:(2.0) Current Score: 2.0

10.True or False
After the field service is finished, clean up all temporary content
related to the customer in the process of the service (for example,
delete the process data and cancel the login account). If certain
temporary content needs to be reserved for the follow-up work, you must
obtain the written approval from the customer.

True False

Answers of examinees:True Correct answer


questionScore:(2.0) Current Score: 2.0

11.Multiple Choice(Select one choice)

A maintenance engineer uses the login accounts and passwords for the
customer network stored in a coworker's computer to access the customer
network remotely and resolve the issue. After investigation, it is
discovered that the login accounts were authorized by the customer six
months ago, and the validity period was only 10 days. Which of the
following statements is INCORRECT?

a.Strengthen customer authorization management, including the
authorization letters, accounts, and passwords.

b.Periodically clear expired customer permissions and remind
customers to cancel the expired authorization.

c.Customers rather than Huawei should take the responsibility of
management vulnerabilities in access control of the customer network.

d.Discuss with the customer for a solution and authorize login
permissions again. Accounts and passwords can be used only by the
authorized person and should be expired after the validity period, so
that if an issue occurs, the issue can be traced and located.

Answers of examinees:c Correct answer


questionScore:(2.0) Current Score: 2.0

12.Multiple Choice(Select one choice)

Regarding the description of feedback and technical support of cyber
security, which of the following statements is INCORRECT?

a.Cyber security feedback is the duty of cyber security teams and not
related to normal employees.

b.Firstly seek help from business managers.

c.You can give feedback or seek help from local lawyers and cyber
security contacts.

d.If you find that external forums and third party
individuals/organizations discovered any security vulnerabilities, send
them to the related cyber security office.

Answers of examinees:a Correct answer


questionScore:(2.0) Current Score: 2.0

13.Multiple Choice(Select one choice)

As to the cyber security management of employees on business trips,
which of the following statements is INCORRECT?

a.When an employee on a business trip gets to the destination, the
destination department should require the employee to study the training
materials of cyber security, and keep the records that the employee
participated in cyber security training, passed the cyber security test,
and signed the related commitment of cyber security.

b.During the employee's business trip, the destination department
should regard the employee as its own staff and implement regular cyber
security management.

c.If an employee violates cyber security requirements during the
business trip, the supervisor of the destination department should bear
the management liability if the supervisor did not perform due duties in
management or failed to take any measures after knowing the violation.

d.An employee on business trips still complies with the cyber
security management requirements of his/her own original department.
He/she does not have to obey the cyber security management requirements
of the frontline project team, for example, attend trainings and sign
the commitment.

Answers of examinees:d Correct answer


questionScore:(2.0) Current Score: 2.0

14.Multiple Choice(Select one choice)

Which of the following customer authorization methods does not comply
with requirements?

a.E-mail

b.Meeting minutes

c.Fax

d.Verbal commitment

e.Service application

Answers of examinees:d Correct answer


questionScore:(2.0) Current Score: 2.0

15.Multiple Choice(Select one choice)

In the process of service delivery, which of the following statements
about the third-party device is INCORRECT?

a.In the process of service delivery, engineers are prohibited from
operating the devices of other vendors in the customer's equipment room
(except that Huawei is responsible for the operation UI of other
vendors' devices such as a device in a migration project or a management
service project, or supporting devices provided by Huawei).

b.Based on the responsibility matrix, you cannot operate or modify
the third-party devices casually.

c.If necessary, the third-party security software can be modified to
meet business needs.

d.When migrating the devices of the third-party vendors, you have to
handle the devices containing storage media based on the customer's
requirements.

Answers of examinees:c Correct answer


questionScore:(2.0) Current Score: 2.0

16.Multiple Choice(Select one choice)

The GCSO Office/BG Cyber Security Office is responsible for determining
the level of the reported cyber security crisis and organizing the
establishment of a cyber security crisis management work team. As for
core members of the crisis management work team, which of the following
statements is INCORRECT?

a.The country CSO is the work team leader.

b.Manager of BG/BU/Regional Dept./Account Dept./Rep. Office is the
work team leader.

c.The GCSO/Director of GCSO Office/Director of BG/BU Cyber Security
Office is the deputy team leader.

d.The Legal Affairs Dept. is the mandatory core member.

Answers of examinees:a Correct answer


questionScore:(2.0) Current Score: 2.0

17.Multiple Choice(Select one choice)

Huawei’s definition of cyber security is to ensure the availability,
integrity, confidentiality, traceability, and robustness of ____ based
on a legal framework. Additionally, it protects the ____ carried therein,
and the flow of unbiased information. Cyber security assurance prevents
Huawei and its customers from suffering economic and reputation loss,
Huawei and the perpetrator from assuming civil, administrative, and even
criminal responsibilities, Huawei from being used as an excuse of
trading protection, and Huawei from becoming a safety fuse of an
international political crisis.

a.products and solutions; information of customers’ products and
systems

b.products, solutions, and services; customers' or users'
communication content, personal data, and privacy

c.products, solutions, and services; security of customers’ products
and systems

d.products and services; customers' or users' communication content,
personal data, and privacy

Answers of examinees:b Correct answer

questionScore:(2.0) Current Score: 2.0

18.Multiple Choice(Select one choice)

In the process of service delivery, which of the following behaviors
does not violate cyber security?

a.Implant malicious codes, malicious software, and backdoor in the
provided product or service, and reserve any undisclosed interface and
account.

b.Access the customer system without the customer's written
authorization and collect, possess, handle, and modify any data and
information of the customer network.

c.Delete and destroy the customer network data after the customer
authorization expires.

d.Spread and use the shared account and password without the
customer's written authorization.

Answers of examinees:c Correct answer


questionScore:(2.0) Current Score: 2.0

19.Multiple Choice(Select one choice)

When sending data that contains personal information in the carrier
network to the headquarters for troubleshooting analysis, which of the
following statements is INCORRECT?

a.Ask for permission of the carrier and perform the essential
procedure according to local laws.

b.When data is transferred to the headquarters, adopt proper
organizational and technical measures to ensure data security.

c.Problem solving is the top priority, so transfer the data as fast
as possible.

d.Ask for advice from the manager and cyber security department if
you do not know how to deal with it.

Answers of examinees:c Correct answer


questionScore:(2.0) Current Score: 2.0

20.Multiple Choice(Select one choice)

Which of the following statements about data usage is INCORRECT?

a.Use the customer network data within the scope of authorization. Do
not use or publish the customer network data in any form for any
unauthorized purpose.

b.If customers do not put forward clear requirements after the
project ends, you can reserve some customer network data on the work
computer for external communication and discussion in future.

c.If external communication, discussion, or display materials involve
customer network data, you must obtain customer authorization or edit
out sensitive information, except public data or information.

d.If case study or knowledge sharing involves customer network data,
you must edit out sensitive information instead of direct use.

Answers of examinees:b Correct answer

questionScore:(2.0) Current Score: 2.0

21.Multiple Select (Select two or more choices)

Which of the following statements are CORRECT about the usage
requirements of tools/software?

a.The tool/software release department needs to complete cyber
security redline authentication of physical product lines before the
product release. The application scope of the tool/software must be
clarified according to the redline testing results during the release.

b.The Support website and the product catalog are legal publication
and download platforms. All the tools (including the frontline custom
tools) must be released on the legal platform. Employees can download
software from only the Support website and product catalogs, and use
software tools within the specified scope.

c.Employees are forbidden to download/use tool software from other
illegal channels, for example download a third-party software from the
Internet, or obtain or use R&D tool software from illegal channels.

d.To meet business processing and customer requirements in an
emergency, we can download a third-party software from the Internet, but
afterwards should report promptly to the tool management department and
cyber security office.

Answers of examinees:abc Correct answer


questionScore:(4.0) Current Score: 4.0

22.Multiple Select (Select two or more choices)

No one is allowed for any behavior that damages the security of
customers' network and information, such as:

a.Without written authorization from the customer, access the
customer's network; collect, keep, process, and modify any data and
information in the customer's network.

b.Develop, replicate, and spread computer viruses or attack
customers’ infrastructure, such as the network, in other ways.

c.Use networks to carry out any activities that harm national
security and the public interest, steal or destroy others' information
and violate others' legal rights.

d.The requirements above apply to relevant suppliers, engineering
partners, and consultants.

Answers of examinees:abcd Correct answer


questionScore:(4.0) Current Score: 4.0

23.Multiple Select (Select two or more choices)

Which of the following statements are CORRECT concerning data storage?

a.Judiciously manage paper documents and storage media or devices
that contain customer network data to prevent unauthorized access or
data loss.

b.Strictly control access permissions to the customer network data,
and maintain permissions regularly.

c.Conduct data backup and protect data from viruses.

d.Before a staff member leaves the sensitive area, the equipment or
storage media containing customer network data must be removed or
transferred to the local server or other storage media that have
management measures.

Answers of examinees:abcd Correct answer


questionScore:(4.0) Current Score: 4.0

24.Multiple Select (Select two or more choices)

Which of the following statements require customer written authorization
in advance?

a.Check device data

b.Collect device data

c.Modify device data

d.Access to the customer network

Answers of examinees:abcd Correct answer


questionScore:(4.0) Current Score: 4.0

25.Multiple Select (Select two or more choices)

Which of the following statements are CORRECT concerning personal data
and privacy protection?

a.End users' rights and freedom in processing personal data,
especially privacy rights, are protected by laws.

b.Avoid and reduce the use of personal data, anonymize the data or
use pseudonyms as much as possible according to local laws.

c.Take appropriate technical and organizational measures to protect
personal data and prevent illegal processing of the data in any form.

d.If a person has no intention but violates personal data or privacy,
the person is not legally liable.

Answers of examinees:abc Correct answer


questionScore:(4.0) Current Score: 4.0

26.Multiple Select (Select two or more choices)

The Universal Declaration of Human Rights states that no one shall be
subjected to arbitrary interference with their privacy and
correspondence. Many countries have implemented or are planning to
implement privacy or personal data protection laws. Protect user privacy
and communication freedom. Some employees may come into contact with
individuals' personal data, such as end users' telephone number, content
of their communications (such as text messages or voice mails), traffic
and location logs on the customers' networks. It is universally required
by laws that when collecting and processing personal data, one should
comply with the principles of fairness, transparency, relevancy,
appropriateness, and secure protection. Regarding protection of end
users' privacy and communication freedom, which activities cannot be
tolerated by our company?

a.Sell user materials, such as user names and phone numbers, obtained
from work to others.

b.To locate issues in maintenance, access a user's communication line
and eavesdrop on the user's voice call.

c.Illegally monitor users' communications and activities or assist in
such illegal monitoring.

d.Allow the free flow of unbiased information.

Answers of examinees:abc Correct answer

questionScore:(4.0) Current Score: 4.0

27.Multiple Select (Select two or more choices)

Regarding the description of data security and information
confidentiality requirements in the service system, which of the
following statements are CORRECT?

a.When trouble tickets in the IT system are created or handled, do
not fill in the customer service account and password.

b.During the maintenance, important information such as the system
password should be informed by telephone, encrypted email, or fax.

c.During the network optimization delivery, the customer's personal
information and tracing information that are involved in VIP experience
tracing, VIP issue handling, and network optimization in the VIP area
must be used in the specified scope.

d.When the service-layer data in the data center is handled,
information (such as email, official document, salary, and personnel
information) involved in data transfer and maintenance is forbidden to
be copied, reserved, or spread.

e.During service project management, the scope of customer reports
and network information to be sent must be controlled strictly.

Answers of examinees:acde Correct answer


questionScore:(4.0) Current Score: 4.0

28.Multiple Select (Select two or more choices)


Which of the following statements are CORRECT about data transfer?

a.Strictly follow the customer authorized purpose for customer
network data transfer operations.

b.Without the customers' consent, do not transfer customers' network
data (including personal data) out of the customers' network.

c.In case of an emergency, customer network data (including personal
data) of sensitive countries can be transferred back to China to avoid
service delay.

d.Transfer of personal data from the European Economic Area (EEA) and
other sensitive countries should comply with local laws and regulations.

Answers of examinees:abd Correct answer


questionScore:(4.0) Current Score: 4.0

29.Multiple Select (Select two or more choices)

Which of the following statements are CORRECT about on-site cyber
security management requirements for employees on business trips?

a.When an employee on a business trip gets to the destination, the
destination department should require the employee to study the training
materials of cyber security, participate in cyber security training,
pass the cyber security test, and sign the commitment of cyber security
redlines. The destination department should keep a record of the
employee's study, test, and commitment.

b.During the employee's business trip, the destination department
should regard the employee as its own staff and implement regular cyber
security management.

c.If an employee violates cyber security requirements during the
business trip, the supervisor of the destination department should bear
the management liability if the supervisor did not perform due duties in
management or failed to take any measures after knowing the violation.

d.If an employee on business trips supports a project, the department
with management responsibilities is the project team; if the employee
does not enter the project, the department with management
responsibilities is the corresponding platform department.

Answers of examinees:abcd Correct answer


questionScore:(4.0) Current Score: 4.0

30.Multiple Select (Select two or more choices)

What controls does service engineer put around the use of laptops or
engineering technology their engineers carry? For example, can the
service engineers load their own software tools onto their laptop?

a.We suggest that computers used for maintenance be provided and
managed by customers if possible. If the computers cannot be provided by
customers, our employees' work computers will be used.

b.To protect the customer network and data security, our corporation
has strict computer configuration and customer network access
requirements. The software in the work computers must be installed
through Huawei iDesk tool or by Huawei IT personnel.

c.The computers must meet the security requirements and standards. If
a computer is infected or suspected to be infected by viruses, the
computer cannot be connected to customer networks and must be scanned to
remove the viruses.

d.Service engineers can install internal R&D software tools through
direct contact with R&D staff.

Answers of examinees:abc Correct answer

questionScore:(4.0) Current Score: 4.0

31.Multiple Select (Select two or more choices)

In a testing program, an R&D engineer supports testing onsite. The
customer engineer A assigns the R&D engineer an account and its
password, and the R&D engineer forwards this account and password to
many other customer engineers, several top customer managers included.
Which of the following statements are CORRECT?

a.Providing account and password information to several customer
engineers does not involve cyber security violation.

b.Spreading/sharing account and password is a cyber security
violation.

c.The R&D engineer accidentally spreads the account and password
information, which does not involve cyber security violation.

d.The R&D engineer should carefully confirm the customer
authorization scope.

Answers of examinees:bd Correct answer


questionScore:(4.0) Current Score: 4.0

32.Multiple Select (Select two or more choices)

In the event of a major incident, how is Huawei equipped to ensure that
their customers can and will be informed timely and that the right
resources are made available within the company to respond to the
incident?

a.Huawei adopts the ITR process and iCare system that serves global
customers to handle the entire process of all customer events.

b.In case of a major security incident, customers are immediately
informed through emails, SMSs, telephone, or face-to-face communication.
We also notify management at different levels based on the incident
level to muster their support.

c.If a security incident is caused by a vulnerability, this incident
will be escalated to Huawei PSIRT and included into the vulnerability
response process. Huawei PSIRT assesses all affected products and
releases a security advisory (SA) for affected customers.

d.Huawei PSIRT (a role in the IPD process) reports severe security
incidents to product line managers and includes the security incident
into the enterprise crisis management process. The crisis management
workgroup takes part in the process and ensures timely resolution,
during which senior managers may review reports on crisis handling and
management improvement.

Answers of examinees:abcd Correct answer


questionScore:(4.0) Current Score: 4.0

33.Multiple Select (Select two or more choices)

Regarding the description of system account management and access right
control, which of the following statements are CORRECT?

a.Remind the customer to conduct necessary limitation to the access
rights and comply with principles of right- and domain-based control and
least privilege.

b.Ensure that every employee has a unique user identification and
password for his/her use only.

c.Remind the customer to update all the passwords of the device
regularly and ensure the complexity of the passwords.

d.Clean up the device accounts regularly and eliminate unused
accounts.

Answers of examinees:abcd Correct answer


questionScore:(4.0) Current Score: 4.0

34.Multiple Select (Select two or more choices)

To collect and process personal data for the purpose of safeguarding
network operation and service, which of the following requirements shall
Huawei comply with?

a.Obtain written authorization from the customer in advance and keep
the consent or authorization record.

b.Disclose the function to the customer using product materials and
describe the following items explicitly: type of collected and handled
data, purpose, handling method, deadline, the next data receiver (if
any).

c.The collection should comply with the purpose correlation,
necessity, minimum, and real-time update principles. Anonyms or
pseudonyms shall be used wherever possible.

d.According to laws, personal data from cyber security sensitive
countries should not be transferred to other countries or areas
including China.

Answers of examinees:abcd Correct answer


questionScore:(4.0) Current Score: 4.0

35.Multiple Select (Select two or more choices)

Regarding releasing communication materials to the public, which of the
following activities are CORRECT?

a.Do not mention technologies and solutions which may lead to
misunderstanding regarding user privacy protection, such as DPI (Deep
Packet Inspection), location-based service, lawful interception, remote
access, and data transfer.

b.Never excerpt users' personal information or customers' network
data without customers' written authorization (except public
information).

c.Suggest source-code level security testing to customers for
competition testing.

d.Do not spread cyber security cases, which may easily cause any
misunderstanding about Huawei, such as security baselines and security
alarms.

Answers of examinees:abd Correct answer


questionScore:(4.0) Current Score: 4.0
