1.

Which of the following customer authorization methods is correct?

A.
Phone call

B. ans
Email

C.
Video call

D.
Oral commitment

Next

2.
Regarding the description of on-site service requirements, which of
the following statements is incorrect?

A.
After an onsite service is completed, all temporary work content (such as
intermediate data and login accounts) used in the service must be cleared. If
such content must be retained for follow-up work, written approval must be
obtained from the customer.

B.
After the on-site service is completed, the customer must sign the service
report to confirm that the login password has been changed.

C. ans
Any operation that carries no risk but is not within the operation scope
approved by the customer can be implemented and explained to the
customer later.

D.
On-site services must be performed under customer authorization, in the
presence of the customer, and using the temporary account and password
given by the customer. The account and password cannot be shared with
others.

Previous

Next

3.
Regarding cyber security, which of the following statements is
correct?

A.
It is not necessary to check for irrelevant software and files on devices
before commissioning.

B.
During idle time, employees can use customers' networks for non-work-
related purposes, such as playing online games and logging in to non-work-
related websites.

C. ans
The test account and balance information created during commissioning can
be retained only when doing so is requested and approved by the customer
through signed consent.

D.
During commissioning, test account information and account functionality
can be added without customer approval.

Previous

Next

4.
Which of the following org is the main responsible for active
communication with customers in vulnerability management

A.
D&S

B.
Q&O
C.
CSO

D. ans
KAD

5.
A computer provided by the customer is used to perform operations
and maintenance on the customer's network. How should the virus
definitions be updated or managed in this case?

A.
Both Huawei and the customer can manage the update of virus definitions.

B.
Huawei manages the update of virus definitions.

C.
Antivirus software is installed and automatically updated. Neither Huawei nor
the customer needs to manage the update of virus definitions.

D. ans
The customer manages the update of virus definitions.
6.
Regarding virus scanning and removal, which of the following
statements is correct?

A.
Antivirus software has been installed on work computers, and the software is
centrally updated and optimized by the IT department. Therefore, it is
unnecessary to scan work computers for viruses before connecting them to
customer networks.

B.
Any computers or storage media that have been or are suspected of being
infected by a virus can be connected to a customer network with the
permission of the customer.

C. ans
Employees need to perform full virus scan regularly. Any computers or
storage media that have been or are suspected of being infected by a virus
cannot be connected to a customer network.

D.
The cyber security behavior of subcontractor employees is managed by the
subcontractor. Huawei is not accountable if subcontractor employees fail to
perform virus scan before connecting their computers to customer networks.
7.
During service delivery, which of the following statements does not
violate cyber security requirements?

A.
Accounts and passwords can be shared or disseminated without written
authorization from the customer.

B.
Embedding malicious code, malware, backdoors, or undisclosed interfaces or
accounts in provided products or services.

C.
Accessing a customer's systems or collecting, holding, processing, or
modifying any data or information on customer networks without written
authorization from the customer.

D. ans
When the customer authorization expires, stored customer network data
must be deleted and destroyed.
8.
Which of the following customer authorization methods is incorrect?

A. ans
Oral commitment

B.
Meeting minutes

C.
Service request

D.
Email
E.
Fax
9.
Which of the following statements about third-party devices during
service delivery is incorrect?

A. ans

Third-party equipment should be handled according to the responsibility

B.
Third-party security software can be modified to meet service requirements.

C.
During migration, third-party devices that contain storage media must be
handled as required by the customer.

D.
In the service process, engineers are not allowed to operate equipment of
other vendors in the customer's equipment room, except if Huawei is
responsible for the equipment during migration projects, projects in which
Huawei provides devices, or managed service projects.
10.
Regarding the description of system account management and
access rights control, which of the following statements is incorrect?

A.
Regularly clean up device accounts that are not in use.

B. ans
For convenience, the identity and password of another user can be used to
log in to the device for operations.

C.
Employees remind customers to limit the access rights and apply right- and
domain-based control and least privilege principles.

D.
Employees remind customers to regularly change all the passwords of the
devices and ensure that passwords meet complexity requirements.
11.
Complete the following statement: No one is allowed to compromise
the security of customer networks and information, such as

A.
The above statements also apply to relevant Huawei suppliers, engineering
partners, and consultants.

B.
Accessing customer networks and data, or collecting, holding, processing, or
modifying any data or information on customer networks, without customer
authorization.

C.
Using networks to perform any activities that harm national security or public
interest, steal or destroy other people's data, or infringe on other people's
legitimate rights and interests.

D.
Developing, replicating, or spreading computer viruses, or attacking
communications infrastructures, such as customer networks, through any
means.
12.
Which of the following items in project delivery cannot be disclosed?

A.
Account and password

B.
Technical solution

C.
Device configuration

D.
Network topology
13.
Which of the following statements about Huawei's cyber security
requirements for subcontractors are correct?

A.
Subcontractors must continuously strengthen cyber security awareness and
security regulation training.

B.
Subcontractors must comply with Huawei's delivery process and cyber
security redline requirements.

C.
Subcontractors must strengthen the self-inspection of onsite behavior for
cyber security.

D.
Subcontractors must comply with cyber security regulations of the country
where they are located.
14.
Which of the following statements about vulnerability are not
correct？

A.
Vulnerability fixed as the fixed SLA, and so the manufacturer must fixed the
vulnerability based on the agreed SLA with customer

B.
Huawei assists customers to migrate the vulnerability risk based on the
contract

C.
Vulnerabilities are equal to product quality defects, Huawei is responsible for
rectification

D.
Vulnerabilities will exist objectively for a long time and are impossible to
avoid
15.
Entry into and exit from a ( ) must comply with regulations specified
by the customer or relevant entity. Management regulations that
meet customer requirements must be established for Network
Operations Centers (NOCs) and Region Network Operations Centers
(RNOCs) built by Huawei.

A.
Customer equipment room
B.
Sensitive area (for example, government or military buildings)

C.
Customer network management center

D.
Office area
16.
What materials should subcontractors hand over to Huawei when a
subcontracting project is completed?

A.
Change records

B.
Project solution

C.
Network topology

D.
Customer authorization document
17.
Regarding data storage, which of the following statements are
correct?

A.
Paper documents and storage media/devices that contain customer network
data must be adequately managed to prevent data disclosure or loss.

B.
Access permissions to customer network data must be strictly controlled and
maintained regularly.

C.
Before leaving a security-sensitive area, employees must delete customer
network data stored in the employees' devices or storage media or
transferred to a local server or other storage media protected with security
measures.
D.
Data backup and virus scanning and removal must be performed.
18.
Regarding remote access process management, which of the
following statements are correct?

A.
After remote service is completed, customers must be reminded to close
remote service environments on the device side. This includes terminating
the remote service connection and the remote service software, and
changing the password used during the remote service.

B.
The software, versions, patches, and licenses installed on the customer
network through remote access must be obtained from Huawei's official
channels, for example, Huawei's support website, official emails, and case
library on the 3MS intranet.

C.
Before remote access, written authorization must be obtained from the
customer, and the authorization scope and time limit must be specified. The
remote access operation scheme must be approved by the project team and
relevant experts.

D.
The use of servers must be logged. Every user must record the use of
servers in a hard copy or IT system.

E.
After the remote service is completed, the data and information obtained
from the customer network must be deleted. If the data needs to be
retained, written authorization must be obtained from the customer.

F.
If customer network data needs to be collected for troubleshooting, the
scope and purposes of the data collection, as well as the security measures
to be taken, must be specified. In addition, written authorization must be
obtained from the customer.
19.
Which level of vulnerabilities need to be communicated to customer
based on《Carrier BG Vulnerability Management Regulations
(Provisional)》

A.
Level 4

B.
Level 1

C.
Level 3

D.
Level 2

Previous

Next

20.
In terms of personal data and privacy protection, which of the
following statements are correct?

A.
The use of personal data should be minimized, and personal data must be
anonymized or pseudonymized according to relevant laws.

B.
The rights and freedom of end users to process personal data are protected
by law.

C.
Unintentional violation of personal data or privacy will not incur legal liability.

D.
Appropriate technical and organizational measures must be taken to protect
personal data and prevent any unauthorized processing.

Previous

Next
21.
Before risky operations (such as software upgrades, critical
hardware replacements, and network structure changes) are
performed on the customer's equipment, the operations must be
explained to the customer in writing and approval obtained from the
customer. The operations must be based on lab or network
simulation data.

True

22.
All change operations on live networks must comply with Huawei's
requirements for "three approvals" (customer approval, project
team approval, and technical approval).

True

23.
When required to obtain customer data, a subcontractor can request
authorization directly from the customer without needing
authorization from the Huawei project owner.

False
24.
During equipment commissioning, test accounts and account
functionality can be added without customer authorization.

False
25.
After the on-site or remote service is complete, the customer is
required to sign in the service report to confirm that the login
password has been changed.

True
26.
After the on-site or remote service is complete, the customer does
not need to confirm that the login password has been changed by
signing the service report.

False
27.
During idle time, employees can use customers' networks for non-
work-related purposes, such as playing online games and logging in
to non-work-related websites.

False
28.
Official channels for obtaining software include software obtained
from Huawei's platforms after approval and software delivered with
products.

True

29.
According to cyber security redlines, it is prohibited to retain or use
administrator accounts or other unauthorized accounts after the
project is deployed for commercial use or transferred to the
maintenance phase. In either of these scenarios, the network
account and password must be handed over to the customer, the
customer must change the initial password, and signed confirmation
must be obtained from the customer.

True

30.
Employees should regularly scan for and remove viruses on
computers/terminals. If viruses are discovered or suspected on the
computer/terminal or storage media, it must not be connected to
the customers' networks.
True