CSC-En-Cyber Security Certificate For The Service Subcontractor Resource of Huawei CNBG


After the on-site or remote service is complete, the customer is
required to sign the service report to confirm that the login
password has been changed.
True

False

During idle time, employees can use customers' networks for non-
work-related purposes, such as playing online games and logging in
to non-work-related websites.
True

False

According to cyber security redlines, it is prohibited to retain or use
administrator accounts or other unauthorized accounts after the
project is deployed for commercial use or transferred to the
maintenance phase. In either of these scenarios, the network account
and password must be handed over to the customer, the customer
must change the initial password, and signed confirmation must be
obtained from the customer.
True

False

Official channels for obtaining software include software obtained
from Huawei's platforms after approval and software delivered with
products.
True

False

Cyber security redlines are mandatory requirements. However, if they
conflict with services, service requirements prevail.
True

False

After an on-site service is complete, all customer-related temporary
work content (such as intermediate data and login accounts) used
during the service must be cleared. If such content needs to be
retained for follow-up work, written approval must be obtained from
the customer.
True

False

Software versions from unofficial channels can be used in equipment
commissioning and software upgrade.
True

False

Accounts and passwords of superusers must be managed by
customers. If certain network operations require the superuser
account, employees must apply for it from the customer. After the
operations are completed, the customer must be reminded to change
the password.
True

False

After the on-site or remote service is complete, the customer does
not need to confirm that the login password has been changed by
signing the service report.
True

False

During equipment commissioning, test accounts and account
functionality can be added without customer authorization.
True

False

During equipment commissioning, test account information and
account functionality must not be added without customer
authorization.
True

False

Employees should regularly scan for and remove viruses on
computers/terminals. If viruses are discovered or suspected on the
computer/terminal or storage media, it must not be connected to the
customers' networks.
True

False

All change operations on live networks must comply with Huawei's
requirements for "three approvals" (customer approval, project team
approval, and technical approval).
True

False

During commissioning in project delivery, customer networks can be
modified based on methods provided by Internet forums or open
source communities.
True

False

When required to obtain customer data, a subcontractor can request
authorization directly from the customer without needing
authorization from the Huawei project owner.
True

False

Before the installation of any tool or software on a customer's
network, written authorization must be obtained from the customer.
If the customer cannot be reached and an emergency occurs,
software can be temporarily installed on the customer's devices and
deleted immediately after the task is completed.
True

False

Which of the following customer authorization methods is correct?


A. Oral commitment

B. Video call
C. Phone call

D. Email

Which of the following customer authorization methods is incorrect?


A. Service request

B. Email

C. Meeting minutes

D. Oral commitment

E. Fax

Which of the following customer authorization methods is incorrect?


A. Email

B. Oral commitment

C. Service request

D. Fax

E. Meeting minutes

Regarding the description of on-site service requirements, which of
the following statements is incorrect?
A. On-site services must be performed under customer authorization, in the presence of the
customer, and using the temporary account and password given by the customer. The
account and password cannot be shared with others.

B. After the on-site service is completed, the customer must sign the service report to confirm
that the login password has been changed.

C. After an onsite service is completed, all temporary work content (such as intermediate data
and login accounts) used in the service must be cleared. If such content must be retained for
follow-up work, written approval must be obtained from the customer.

D. Any operation that carries no risk but is not within the operation scope approved by the
customer can be implemented and explained to the customer later.

During service delivery, which of the following statements does not
violate cyber security requirements?
A. Accessing a customer's systems or collecting, holding, processing, or modifying any data or
information on customer networks without written authorization from the customer.
B. Accounts and passwords can be shared or disseminated without written authorization from
the customer.

C. Embedding malicious code, malware, backdoors, or undisclosed interfaces or accounts in
provided products or services.

D. When the customer authorization expires, stored customer network data must be deleted
and destroyed.

Regarding cyber security, which of the following statements is
correct?
A. The test account and balance information created during commissioning can be retained
only when doing so is requested and approved by the customer through signed consent.

B. It is not necessary to check for irrelevant software and files on devices before
commissioning.

C. During commissioning, test account information and account functionality can be added
without customer approval.

D. During idle time, employees can use customers' networks for non-work-related purposes,
such as playing online games and logging in to non-work-related websites.

Which of the following methods is incorrect for transferring
important information such as system passwords during network
maintenance?
A. Face to face

B. Over the phone

C. Encrypted email

D. Fax

Regarding account password management, which of the following
does not violate cyber security?
A. Reserving an undisclosed account in provided products or services.

B. Using customers' accounts and passwords after obtaining written authorization from
customers.

C. Attacking or compromising a customer network, or cracking a customer password.

D. Disclosing and disseminating the accounts and passwords of customers' networks.


Regarding the taking of pictures and shooting of videos in a
customer's office area, which of the following statements is correct?
A. Photos or videos can be taken at customer premises and then shared on social networks
without prior authorization from customers.

B. Photos or videos can be taken at customer premises without prior authorization from
customers.

C. Photos or videos can be taken at customer premises and then shared in group chats
without prior authorization from customers.

D. Prior authorization from customers must be obtained before taking photos or videos at
customer premises.

Regarding the description of feedback and help related to cyber
security, which of the following statements is incorrect?
A. Feedback of cyber security issues is the responsibility of employees in cyber security
positions and is not related to other employees.

B. During project construction, if a subcontract employee does not understand the cyber
security or user privacy protection requirements, the employee can contact the Huawei
project team supervisor and resume work after the employee fully understands the
requirements.

C. If a cyber security or user privacy incident occurs during construction, subcontractor
employees must immediately inform the Huawei project team supervisor of the incident or
contact the Huawei project manager directly.

D. During project construction, subcontractors should comply with related product security
specifications and cooperate with Huawei during Huawei inspections. Any identified issues
should be solved immediately.

Regarding the description of system account management and
access rights control, which of the following statements is incorrect?
A. Employees remind customers to regularly change all the passwords of the devices and
ensure that passwords meet complexity requirements.

B. Regularly clean up device accounts that are not in use.

C. Employees remind customers to limit the access rights and apply right- and domain-based
control and least privilege principles.

D. For convenience, the identity and password of another user can be used to log in to the
device for operations.

Which of the following statements about customer authorization is
incorrect?
A. Written authorization is not required for access to customer networks.

B. Written authorization is required for collecting equipment data.

C. Written authorization is required for modifying equipment data.

D. Written authorization is required for accessing equipment data.

Regarding data usage, which of the following statements is incorrect?


A. Customer network data must be anonymized and cannot be directly used in case study and
knowledge sharing.

B. If customer network data is used in documents for external communication, discussions, or
demonstration, written authorization must be obtained from the customer. Alternatively, the
data must be anonymized unless it is from open sources.

C. Customer network data must be used only within the authorized scope and cannot be used
for other purposes or disclosed in any form.

D. After a project is completed, customer network data can be stored on work computers for
future communication and discussions if the customer does not expressly require the data to
be deleted.

Regarding virus scanning and removal, which of the following
statements is correct?
A. Any computers or storage media that have been or are suspected of being infected by a
virus can be connected to a customer network with the permission of the customer.

B. Employees need to perform a full virus scan regularly. Any computers or storage media that
have been or are suspected of being infected by a virus cannot be connected to a customer
network.

C. The cyber security behavior of subcontractor employees is managed by the subcontractor.
Huawei is not accountable if subcontractor employees fail to perform a virus scan before
connecting their computers to customer networks.

D. Antivirus software has been installed on work computers, and the software is centrally
updated and optimized by the IT department. Therefore, it is unnecessary to scan work
computers for viruses before connecting them to customer networks.

What materials should subcontractors hand over to Huawei when a
subcontracting project is completed?
A. Project solution

B. Customer authorization document

C. Change records

D. Network topology

Regarding data storage, which of the following statements are
correct?
A. Paper documents and storage media/devices that contain customer network data must be
adequately managed to prevent data disclosure or loss.

B. Before leaving a security-sensitive area, employees must delete customer network data
stored in the employees' devices or storage media or transferred to a local server or other
storage media protected with security measures.

C. Data backup and virus scanning and removal must be performed.

D. Access permissions to customer network data must be strictly controlled and maintained
regularly.

Which of the following operations require customers' prior written
authorization?
A. Modifying device data

B. Checking device data

C. Collecting device data

D. Accessing customer networks

Which of the following items in project delivery cannot be disclosed?


A. Technical solution

B. Account and password

C. Device configuration

D. Network topology

Which of the following statements about Huawei's cyber security
requirements for subcontractors are correct?
A. Subcontractors must comply with Huawei's delivery process and cyber security redline
requirements.

B. Subcontractors must continuously strengthen cyber security awareness and security
regulation training.

C. Subcontractors must comply with cyber security regulations of the country where they are
located.

D. Subcontractors must strengthen the self-inspection of onsite behavior for cyber security.

Regarding the cyber security management of subcontractors, which
of the following statements are correct?
A. Subcontractor employees must comply with the rules, regulations, and management
instructions of customers and must not attack or compromise customer networks or attempt
to crack customer account passwords.

B. Cyber security redline requirements apply only to Huawei employees, not to subcontractor
employees.

C. Subcontractor employees must not access a customer's systems, or collect, hold, process,
or modify any data or information on customer networks, without obtaining written
authorization from the customer.

D. All new suppliers involved in cyber security must pass the cyber security system
qualification.

Which of the following types of information cannot be spread or
disclosed during service delivery?
A. Frequency resources, interconnection parameters, and service features

B. Charging information, pipeline information, and terminal user information

C. IP addresses, device passwords, technical specifications, and KPIs

D. Site location, site device configurations, and networking scheme

Entry into and exit from a ( ) must comply with regulations specified
by the customer or relevant entity. Management regulations that
meet customer requirements must be established for Network
Operations Centers (NOCs) and Region Network Operations Centers
(RNOCs) built by Huawei.
A. Customer equipment room

B. Customer network management center

C. Office area

D. Sensitive area (for example, government or military buildings)

Complete the following statement: No one is allowed to compromise
the security of customer networks and information, such as
A. Using networks to perform any activities that harm national security or public interest, steal
or destroy other people's data, or infringe on other people's legitimate rights and interests.

B. Accessing customer networks and data, or collecting, holding, processing, or modifying any
data or information on customer networks, without customer authorization.
C. The above statements also apply to relevant Huawei suppliers, engineering partners, and
consultants.

D. Developing, replicating, or spreading computer viruses, or attacking communications
infrastructures, such as customer networks, through any means.

Regarding remote access process management, which of the
following statements are correct?
A. After the remote service is completed, the data and information obtained from the
customer network must be deleted. If the data needs to be retained, written authorization
must be obtained from the customer.

B. The software, versions, patches, and licenses installed on the customer network through
remote access must be obtained from Huawei's official channels, for example, Huawei's
support website, official emails, and case library on the 3MS intranet.

C. Before remote access, written authorization must be obtained from the customer, and the
authorization scope and time limit must be specified. The remote access operation scheme
must be approved by the project team and relevant experts.

D. After remote service is completed, customers must be reminded to close remote service
environments on the device side. This includes terminating the remote service connection and
the remote service software, and changing the password used during the remote service.

E. If customer network data needs to be collected for troubleshooting, the scope and
purposes of the data collection, as well as the security measures to be taken, must be
specified. In addition, written authorization must be obtained from the customer.

F. The use of servers must be logged. Every user must record the use of servers in a hard copy
or IT system.

In terms of personal data and privacy protection, which of the
following statements are correct?
A. The use of personal data should be minimized, and personal data must be anonymized or
pseudonymized according to relevant laws.

B. Appropriate technical and organizational measures must be taken to protect personal data
and prevent any unauthorized processing.

C. Unintentional violation of personal data or privacy will not incur legal liability.

D. The rights and freedom of end users to process personal data are protected by law.
