
Without written authorization from the customer, it is prohibited to do any operation in customer's network. Under emergent situation, we can handle the problem first, but must obtain customer's authorization later.
False

The level of Cyber Security violations is only based on employee's behavior, not the consequence.
False

Software obtained from Huawei's official channel indicates the software is downloaded from Huawei's platform after application and approval, or the software is bundled with the hardware.
True

The effective authorization from customer include contract, fax, email, onsite service application, oral permission, and meeting minutes.
True

If a group of project team members work in a customer's office together, they can share one account, so that they do not have to apply for accounts from the customer for multiple times. But they need to make sure the password is not disclosed.
False

Huawei's definition of cyber security is to ensure the availability, integrity, confidentiality, traceability, and robustness of ____ based on a legal framework. Additionally, it protects the ____ carried therein, and the flow of unbiased information.
О [a] products and solutions; information of customers' products & systems
О [b] products, solutions, and services; customers' or users' communication content, personal data and privacy
© [c] products, solutions, and services; security of customers' products & systems
О [d] products and services; customers' or users' communication content, personal data and privacy

In the Administrative Rules of Cyber Security Baseline, the cyber security redline is
О [a] a mandatory requirement
© [b] a mandatory requirement with conditions
О [c] a guiding requirement
О [d] not required

The principle of making the Accountability System of Cyber Security Violations is
[a] the liability of the actor is based on the consequence and the severity of risks or damages to the company
[b] the liability of the actor is based on the consequence or whether the actor has a [...] or not and the punishment will be determined based on the severity of damages caused by the [...]
[c] the liability of the actor is based on whether the actor has malicious intent and the conseq[...] the punishment will be determined based on the severity of risks or damages
[d] the liability of the actor is based on the behavior, not the consequence or wh[...] malicious intent or not.

Many regulations in real society can extend to cyberspace. Therefore, the HR management framework of cyber security must be based on ____ to clarify the ____ between the company and the employees. Every employee shall be held responsible for their actions and the consequences and bear legal liability
[a] policy; principle
[b] technology; responsibilities
[c] laws; legal liabilities
[d] technology; legal liabilities

"Administrative Rules of Cyber Security Baseline" reads: ____ is the first owner of cyber security assurance of businesses within their respective authority. ____ is the first owner of cyber security assurance of their respective processes.
[a] The Executives of business departments at all levels; The owners of processes at [...]
[b] The owners of processes at all levels; The Executives of business departments at all lev[...]
[c] The Executives of business departments at all levels; The handler of processes at all [...]
[d] [...] handler of processes at all levels; The Executives of business departments at a[...]

In terms of organization, ____ is the highest cyber security management organization in Huawei to decide and approve the overall cyber security strategy.
0 [a] Global Cyber Security Committee (GCSC)
О [b] Global Cyber Security Officer Office (GCSO Office)
О [c] Executive Management Team (EMT)
О [d] Investment Review Board (IRB)

Among the following activities involving customers' network data, which one is false?
О [a] Without the customers' consent, don't transfer customers' network data (including personal data) out of the customer's network.
0 [b] It is prohibited to transfer customers' network data back to China. If required by the customer, it is unnecessary getting further disclaimer from the customer.
О [c] The transfer of personal data from EEA (European Economic Area) and other countries with similar requirements shall comply with the local laws.
О [d] Without written authorization from the customer, don't take devices or storage media with customer network data (including personal data) out of the customer's premises.

Which of the following statements is correct?
О [a] The working computers have antivirus software and the software is uniformly upgraded and optimized by the IT department. Therefore, engineers can connect their computers to customers' networks without scanning for virus in advance.
О [b] If an engineer finds or suspects that his/her computer or storage device is infected by viruses, the engineer can still connect the computer or storage device to the customer's network if the customer gives the permission
© [c] Before connecting computers or storage devices to customers' networks, engineers must use the Symantec antivirus software to perform manual virus scans on the computers and devices.
О [d] Subcontractors are responsible for managing the cyber security behaviors of their employees. Huawei does not hold the responsibility if a subcontractor's employee connect his/her computer to a customer's network without scanning and removing viruses

Among the following statements about channels to feed back cyber security issues and request for help, which is false?
0 [a] It is the responsibility of cyber security related positions to report cyber security issues and it has nothing to do with employees in common positions
О [b] First the employee shall request for help from the business manager.
0 [c] The employee can consult or ask for help from local lawyers of the company and cyber security interface
О [d] If an employee finds security vulnerabilities disclosed by external forums/3rd party individual/organization, he/she can report to the relevant Cyber Security Office.

The objectives of computer security do not include
О [a] Confidentiality
О [b] Traceability
© [c] Immunity
О [d] Integrity
О [e] Availability

A computer virus is
О [a] A command
0 [b] A program
О [c] A flag
О [d] A document

Which of the following statements about data usage is incorrect?
О [a] Engineers are prohibited to use customers' network data outside the authorized scope or unauthorized purpose, or disclose customers' network data in any form
Q [b] After finishing a project, engineers can save some of the customer's network data in their computer, but only for study or experience accumulation, it can not be used for other purpose.
О [c] If materials for external communication, seminars, or presentations include data or information about customers' network, we should obtain customers' authorization or delete the sensitive data (this requirement does not apply to data obtained from public channels)
0 [d] If customer's network data is used in case study or knowledge sharing, the sensitive data must be deleted

Which of the following statements about data storage are correct?
0 [a] Engineers should properly keep paper documents, storage media, and devices that contain the customer's network data to avoid data leakage or loss
0 [b] Engineers should strictly control access rights to the customer's network data, and regularly maintain the network data
0 [c] It is required to properly implement data backup and antivirus operations
0 [d] Before leaving sensitive areas, employees should delete the network data in their devices or storage medium or transfer them to the local server or other storage medium with management measures.

Currently both operators and vendors are facing various impacts or challenges of cyber security. Which of the following are correct?
0 [a] The US and some European governments have included cyber security as an integral part of their national security strategy and imposed security compliance requirements on the telecoms industry
0 [b] The global legislation of cyber security and privacy protection tends to become more strict. Cyber security issues can easily turn into legal issues of infringing national security and personal privacy.
0 [c] The market threshold is higher. The operators transfer the legal obligations to vendors. More and more major operators require vendors to sign a dedicated security agreement.
0 [d] Vendors shall give full consideration to the robustness and resilience of the products to select appropriate technical solutions. They shall strengthen security measures to further reduce the costs of security management, operations and maintenance

Cyber security is to ensure the ( ) of products, solutions, and services based on a legal framework
El [a] Confidentiality
0 [b] Integrity
D [c] Rationality
H [d] Availability
D [e] Traceability
D [f] Robustness & Resilience

Concerning the protection of personal data and privacy, which of the following statements are correct?
0 [a] End users' rights and freedom in processing personal data, especially privacy rights, are protected by law.
0 [b] We shall try to avoid and reduce the use of personal data, and anonymize the data or use pseudonyms to process as much as possible according to local laws
0 [c] We shall have appropriate technical and organizational measures to protect personal data to prevent illegal processing of the data in any form.
П [d] If one person inadvertently infringes personal data and privacy with breaking the law, he may not bear the legal liability

In terms of personnel management, who are required by the Company to strictly follow the corporate cyber security policies?
all

Among the following statements about the punishment of the directly liable person in the Accountability System of Cyber Security Violations, which ones are applicable?
0 [a] For a level 1 violation, terminate the employment contract with the violator, do not provide economic compensation for the violator, pursue or reserve the right to pursue legal actions against the employee if he/she violates the laws and regulations, record the incident in the Employee Integrity Database and never rehire the employee.
0 [b] If the directly liable employee interferes with, or obstructs, the investigation of the violation incident, he/she shall be subject to an increased or heavier punishment,
0 [c] If the directly liable employee timely reports upon encountering the violation and takes active measures to mitigate the loss as a result of the violation, he/she shall be subject to a reduced or lighter punishment,
□ [d] Don't punish the direct and indirect manager of the directly liable person

Which of the following statements about on-site service are correct?
0 [a] Engineers can provide on-site service only with the customer's consent and presence on site, and use the temporary account and password provided by the customer and make sure that they do not share the accounts and passwords with others
□ [b] If the operation scope exceeds the scope approved by the customer but it is estimated that the additional operations will not bring any risk, engineers can carry out the operation first and explain the situation to customers later.
0 [c] After on-site service, the temporary information (such as process data and login accounts) added in the service process should be cleared. If it is required to retain certain temporary information for subsequent work, engineers must obtain the customer's written approval first
0 [d] After on-site service, the customer should sign on the service report to confirm that the login password is changed.

Which of the following are cyber security violations?
all

Which of the following are cyber security violations in external communication?
El [a] Without written authorization from the customer, disclose and disseminate the customer's confidential information
0 [b] Make commitments to customers that may violate the relevant cyber security laws (e.g.: Disrupt, Monitor, Track, etc.).
0 [c] Quote the customers' network data and information from public channels
0 [d] Without the authorization of the company, reveal or disclose redline problems or vulnerabilities or other information that may arouse customers' cyber security concerns
0 [e] In communication materials or presentations, use sensitive wording in the materials or presentation that make customers misunderstand our cyber security.

When entering or leaving ( ), engineers must follow customer or organization's management regulations. Management regulations for Huawei built NOCs and RNOCs that meet customer's requirements should be developed and followed strictly.
0 [a] Customers' equipment room
0 [b] Customers' network management center
0 [c] Customers' office area
□ [d] Sensitive areas (such as governments and military areas)

According the laws of America and some European countries, which of the following are cyber security crimes?
0 [a] illegal access/unauthorized access
0 [b] illegal interception
0 [c] data interruption, system interruption
0 [d] abuse of devices
0 [e] illegal transfer of personal data

Regarding the remote access management (in sensitive countries), which of the following statements are correct? ( )
0 [a] Before remotely accessing the customer network, obtain the customer's written permission, in which the permission scope and duration are specified. The operation process and solution should be confirmed by the project and the related technical expert
0 [b] During the process of problems location, if it is necessary to collect customer network information, clarify the information scope, collection purpose, and security measures, and obtain the customer's written permission
□ [c] After remote access to the customer network, all software, versions, patches, and licenses installed on the customer network must be obtained from the official Huawei channel
0 [d] After remote service, notify the customer of closing the remote service environment, including disconnecting remote service on the network, stopping the running of remote service software, and changing logon passwords used during the process of delivering remote service.
D [e] After remote service, immediately delete the data and information acquired from the customer network. If it is necessary to keep the data and information, the customer's written permission must be obtained
0 [f] The use of all servers must be strictly recorded. All users shall record the information in paper documents or the IT system. The information should include Name, Start time, End time, Operation scope, target, first line interface etc.

Which of the following statements about the physical environment for remote access (in sensitive countries) are correct? ( )
□ [a] Employees can only access the customer network from Huawei intranet network.
El [b] The remote access environment is an independent place which should be under control
0 [c] The remote access environment is open only for people who enter the environment for business needs. The permission to enter and exit the place must be requested
0 [d] The place is usually closed. To enter or exit the place, the employees must punch cards or obtain the approval from the management owner and register relevant information as required
El [e] Access rights to the environment must be under strict control. If relevant people are repositioned, the management owner shall cancel their access rights

It is a crucial corporate strategy to establish and implement cyber security assurance system. The Company will abide by all applicable laws of privacy protection and cyber security of the United Nations, the US, EU and other countries and regions ("applicable laws"). Which of the following are general requirements in cyber security related laws and regulations in various countries or regions?
В [a] Protect end users' communication secrets and freedom
0 [b] Protect end users' personal data and privacy
(•D [c] Assure the security of customers' communication network and data
Ш [d] Protect the customers' right and freedom in dealing with end users' personal data

Which of the following are cyber security violations without the customers' written authorization?
0 [a] Access customers' system; collect and hold data and information in the customers' network
0 [b] Access customers' system, modify the data and information in the customers' network
0 [c] Carry the device or storage media with customers' network data out of the customers' site
0 [d] Access and process users' communication content and personal data, such as voice, location data, and key pressing records

In the process of service delivery, which of the following are cyber security violations?
И [a] Embed malicious code, malware and backdoors in the provided products or services; reserve any undocumented interface and account
0 [b] Without written authorization from the customer, access the customer's network; collect, hold, process and tamper with any data and information in the customer's network
0 [c] After the expiration of the customer's authorization, delete and destroy the stored customer network data.
El [d] Without written authorization from the customer, disseminate and use shared accounts and passwords

Which of the following statements about system account management and access rights control are correct? ( )
0 [a] Engineers should remind customers to set necessary restriction on operation and access rights. The rights should be granted by domains based on the minimum authorization principle
0 [b] Ensure that every relevant person has unique user ID and password that can be used only by that person
0 [c] Remind customers to regularly update all passwords of all equipment, and ensure the complexity of the passwords.
□ [d] Clear all the accounts of the equipment to delete inactive accounts on a regular basis.

According to Huawei's definition of cyber security, which of the following risks can be avoided through cyber security assurance?
0 [a] The economic benefits and reputation of Huawei and its customers are harmed.
0 [b] The actor or Huawei has to bear civil, administrative and even criminal liabilities
0 [c] Cyber security becomes an excuse for trade protection
0 [d] Cyber security becomes a fuse that sets off an international political crisis.

For the management of accounts and passwords, which of the following are cyber security violations
all
Huawei hereby undertakes it as a crucial company strategy to establish and implement an E2E global cyber security assurance system, based on compliance with the applicable laws, regulations and standards of relevant countries and regions, and by reference to the industry best practice, system will incorporate aspects from corporate policies, organizational structures, business proc[...] technology and standard practice. The processes where the cyber security will be i[...]
lei.RiD IPD process, Service delivery (SD) process, Supply Chain process, Procurement process [...]ad to Cash process (LTC), Issue to Resolution process (ITR), [...]ge HR process, Manage BT&IT process. A and C are correct.

No one is allowed to display any behavior that damages the security of customers' network such as
all

An employee is involved in a project at a customer's site. The employee accesses the customer's network with his own laptop. As his laptop is infected with viruses and access without complete viruses killing so that the customer's network is infected and the customer's data are automatically transferred out of the customer's country. The incident puts Company and the customer in great security risks. Which of the following analysis are correct?
[a] Always make sure to completely remove all viruses before accessing the customer's networ[...]
[...] the issue is urgent, access the network with a virus infected laptop to resolve the [...]
[c] Employees shall enhance their cyber security awareness.
[...] If the viruses can't be completely deleted, the employee can ask the IT depa[...]

Huawei employees shall comply with all applicable laws and regulation of assuring the customers' networks and shall not perform any behavior that violates laws and regulations. [...] they shall ensure that their business behaviors are compliant with the customers' [...]on regulations and Huawei's internal processes and systems. Otherwise, they may make Huawei [...] themselves subject to civil, administrative or even criminal liability. According to provisions on assuring customers' network security in the Business Conduct Guidelines of Huawei Employees, the Company prohibits:
All

Which of the following behaviors are cyber security violations?
All

Engineer Z is designated by the Company to do trouble shooting for a customer. The customer demands that the problem is being resolved as soon as possible. Which of the following behaviors of [...] are wrong?
[a] As the customer's requirement is urgent, immediately access the customer's system to do trouble shooting, without the customers' authorization.
[b] First apply to the customer to get the written authorization to access to the customer's system.
V [c] If Z fails to get the written authorization after multiple attempts of contacting the customer, access the customer's system by himself to do the trouble shooting.
V [d] Z thinks that the relationship with the customer is good. First access the customer's system and then apply for written authorization.
