Professional Documents
Culture Documents
CSC-En-Cyber Security Certificate For The Service Subcontractor Resource of Huawei CNBG
CSC-En-Cyber Security Certificate For The Service Subcontractor Resource of Huawei CNBG
CSC-En-Cyber Security Certificate For The Service Subcontractor Resource of Huawei CNBG
False
During idle time, employees can use customers' networks for non-
work-related purposes, such as playing online games and logging in
to non-work-related websites.
True
False
False
False
False
False
False
False
False
False
False
Employees should regularly scan for and remove viruses on
computers/terminals. If viruses are discovered or suspected on the
computer/terminal or storage media, it must not be connected to the
customers' networks.
True
False
False
False
False
False
B. Video call
C. Phone call
D. Email
B. Email
C. Meeting minutes
D. Oral commitment
E. Fax
B. Oral commitment
C. Service request
D. Fax
E. Meeting minutes
B. After the on-site service is completed, the customer must sign the service report to confirm
that the login password has been changed.
C. After an onsite service is completed, all temporary work content (such as intermediate data
and login accounts) used in the service must be cleared. If such content must be retained for
follow-up work, written approval must be obtained from the customer.
D. Any operation that carries no risk but is not within the operation scope approved by the
customer can be implemented and explained to the customer later.
D. When the customer authorization expires, stored customer network data must be deleted
and destroyed.
B. It is not necessary to check for irrelevant software and files on devices before
commissioning.
C. During commissioning, test account information and account functionality can be added
without customer approval.
D. During idle time, employees can use customers' networks for non-work-related purposes,
such as playing online games and logging in to non-work-related websites.
C. Encrypted email
D. Fax
B. Using customers' accounts and passwords after obtaining written authorization from
customers.
B. Photos or videos can be taken at customer premises without prior authorization from
customers.
C. Photos or videos can be taken at customer premises and then shared in group chats
without prior authorization from customers.
D. Prior authorization from customers must be obtained before taking photos or videos at
customer premises.
B. During project construction, if a subcontract employee does not understand the cyber
security or user privacy protection requirements, the employee can contact the Huawei
project team supervisor and resume work after the employee fully understands the
requirements.
D. During project construction, subcontractors should comply with related product security
specifications and cooperate with Huawei during Huawei inspections. Any identified issues
should be solved immediately.
C. Employees remind customers to limit the access rights and apply right- and domain-based
control and least privilege principles.
D. For convenience, the identity and password of another user can be used to log in to the
device for operations.
C. Customer network data must be used only within the authorized scope and cannot be used
for other purposes or disclosed in any form.
D. After a project is completed, customer network data can be stored on work computers for
future communication and discussions if the customer does not expressly require the data to
be deleted.
B. Employees need to perform full virus scan regularly. Any computers or storage media that
have been or are suspected of being infected by a virus cannot be connected to a customer
network.
D. Antivirus software has been installed on work computers, and the software is centrally
updated and optimized by the IT department. Therefore, it is unnecessary to scan work
computers for viruses before connecting them to customer networks.
C. Change records
D. Network topology
Regarding data storage, which of the following statements are
correct?
A. Paper documents and storage media/devices that contain customer network data must be
adequately managed to prevent data disclosure or loss.
B. Before leaving a security-sensitive area, employees must delete customer network data
stored in the employees' devices or storage media or transferred to a local server or other
storage media protected with security measures.
D. Access permissions to customer network data must be strictly controlled and maintained
regularly.
C. Device configuration
D. Network topology
C. Subcontractors must comply with cyber security regulations of the country where they are
located.
D. Subcontractors must strengthen the self-inspection of onsite behavior for cyber security.
Regarding the cyber security management of subcontractors, which
of the following statements are correct?
A. Subcontractor employees must comply with the rules, regulations, and management
instructions of customers and must not attack or compromise customer networks or attempt
to crack customer account passwords.
B. Cyber security redline requirements apply only to Huawei employees, not to subcontractor
employees.
C. Subcontractor employees must not access a customer's systems, or collect, hold, process,
or modify any data or information on customer networks, without obtaining written
authorization from the customer.
D. All new suppliers involved in cyber security must pass the cyber security system
qualification.
Entry into and exit from a ( ) must comply with regulations specified
by the customer or relevant entity. Management regulations that
meet customer requirements must be established for Network
Operations Centers (NOCs) and Region Network Operations Centers
(RNOCs) built by Huawei.
A. Customer equipment room
C. Office area
B. Accessing customer networks and data, or collecting, holding, processing, or modifying any
data or information on customer networks, without customer authorization.
C. The above statements also apply to relevant Huawei suppliers, engineering partners, and
consultants.
B. The software, versions, patches, and licenses installed on the customer network through
remote access must be obtained from Huawei's official channels, for example, Huawei's
support website, official emails, and case library on the 3MS intranet.
C. Before remote access, written authorization must be obtained from the customer, and the
authorization scope and time limit must be specified. The remote access operation scheme
must be approved by the project team and relevant experts.
D. After remote service is completed, customers must be reminded to close remote service
environments on the device side. This includes terminating the remote service connection and
the remote service software, and changing the password used during the remote service.
E. If customer network data needs to be collected for troubleshooting, the scope and
purposes of the data collection, as well as the security measures to be taken, must be
specified. In addition, written authorization must be obtained from the customer.
F. The use of servers must be logged. Every user must record the use of servers in a hard copy
or IT system.
B. Appropriate technical and organizational measures must be taken to protect personal data
and prevent any unauthorized processing.
C. Unintentional violation of personal data or privacy will not incur legal liability.
D. The rights and freedom of end users to process personal data are protected by law.