1.

（True or False） （2Point(s)）

When required to obtain customer data, a subcontractor can request authorization directly from the
customer without needing authorization from the Huawei project owner.
A.True
B.False

2. （True or False） （2Point(s)）

All change operations on live networks must comply with Huawei‘s requirements for “three
approvals“ (customer approval, project team approval, and technical approval).
A.True
B.False

3. （True or False） （2Point(s)）

Accounts and passwords of superusers must be managed by customers. If certain network
operations require the superuser account, employees must apply for it from the customer. After the
operations are completed, the customer must be reminded to change the password.
A.True
B.False

4. （True or False） （2Point(s)）

During commissioning in project delivery, customer networks can be modified based on methods
provided by Internet forums or open source communities.
A.True
B.False

5. （True or False） （2Point(s)）

Before the installation of any tool or software on a customer‘s network, written authorization must
be obtained from the customer. If the customer cannot be reached and an emergency occurs,
software can be temporarily installed on the customer‘s devices and deleted immediately after the
A.True
B.False

6. （True or False） （2Point(s)）

During equipment commissioning, test accounts and account functionality can be added without
A.True
B.False

7. （True or False） （2Point(s)）

Official channels for obtaining software include software obtained from Huawei‘s platforms after
approval and software delivered with products.
A.True
B.False

8. （True or False） （2Point(s)）

Employees should regularly scan for and remove viruses on computers/terminals. If viruses are
discovered or suspected on the computer/terminal or storage media, it must not be connected to
 A.True
B.False

9. （True or False） （2Point(s)）

After the on-site or remote service is complete, the customer is required to sign in the service report
to confirm that the login password has been changed.
A.True
B.False

10. （True or False） （2Point(s)）

During troubleshooting operations, written authorization is provided by the customer to collect data
from live networks. Such data can be transmitted and shared in plain text through online drives.
A.True
B.False

11. （True or False） （2Point(s)）

After the on-site or remote service is complete, the customer does not need to confirm that the login
password has been changed by signing the service report.
A.True
B.False

12. （True or False） （2Point(s)）

Cyber security redlines are mandatory requirements. However, if they conflict with services, service
A.True
B.False

13. （True or False） （2Point(s)）

Before risky operations (such as software upgrades, critical hardware replacements, and network
structure changes) are performed on the customer‘s equipment, the operations must be explained to
the customer in writing and approval obtained from the customer. The operations must be based on
A.True
B.False

14. （True or False） （2Point(s)）

After an on-site service is complete, all customer-related temporary work content (such as
intermediate data and login accounts) used during the service must be cleared. If such content needs
to be retained for follow-up work, written approval must be obtained from the customer.
A.True
B.False

15. （True or False） （2Point(s)）

During idle time, employees can use customers‘ networks for non-work-related purposes, such as
playing online games and logging in to non-work-related websites.
A.True
B.False
16. （True or False） （2Point(s)）
Written authorization must be obtained from customers before processing or modification of data
can be performed on customers‘ networks or devices. However, customer authorization is not
required if the operations do not affect network or device operation.
A.True
B.False

17. （True or False） （2Point(s)）

Software versions used in equipment commissioning and software upgrade must be obtained
A.True
B.False

18. （Single Choice） （3Point(s)）

Which of the following statements about third-party devices during service delivery is incorrect?
A.Third-party equipment should be handled according to the responsibility matrix and should not
be operated or changed without permission.
B.In the service process, engineers are not allowed to operate equipment of other vendors in the
customer‘s equipment room, except if Huawei is responsible for the equipment during migration
projects, projects in which Huawei provides devices, or managed service projects.
C.During migration, third-party devices that contain storage media must be handled as required
D.Third-party security software can be modified to meet service requirements.

19. （Single Choice） （3Point(s)）

Regarding virus scanning and removal, which of the following statements is correct?
A.Any computers or storage media that have been or are suspected of being infected by a virus
can be connected to a customer network with the permission of the customer.
B.Employees need to perform full virus scan regularly. Any computers or storage media that have
been or are suspected of being infected by a virus cannot be connected to a customer network.
C.The cyber security behavior of subcontractor employees is managed by the subcontractor.
Huawei is not accountable if subcontractor employees fail to perform virus scan before
D.Antivirus software has been installed on work computers, and the software is centrally updated
and optimized by the IT department. Therefore, it is unnecessary to scan work computers for
viruses before connecting them to customer networks.

20. （Single Choice） （3Point(s)）

Regarding the taking of pictures and shooting of videos in a customer‘s office area, which of the
following statements is correct?
A.Photos or videos can be taken at customer premises and then shared in group chats without
prior authorization from customers.
B.Photos or videos can be taken at customer premises without prior authorization from
C.Prior authorization from customers must be obtained before taking photos or videos at
D.Photos or videos can be taken at customer premises and then shared on social networks
without prior authorization from customers.

21. （Single Choice） （3Point(s)）

Regarding cyber security, which of the following statements is correct?
 A.The test account and balance information created during commissioning can be retained only
when doing so is requested and approved by the customer through signed consent.
B.It is not necessary to check for irrelevant software and files on devices before commissioning.
C.During idle time, employees can use customers‘ networks for non-work-related purposes, such
as playing online games and logging in to non-work-related websites.
D.During commissioning, test account information and account functionality can be added

22. （Single Choice） （3Point(s)）

Regarding the description of on-site service requirements, which of the following statements is
A.On-site services must be performed under customer authorization, in the presence of the
customer, and using the temporary account and password given by the customer. The account
B.Any operation that carries no risk but is not within the operation scope approved by the
customer can be implemented and explained to the customer later.
C.After an onsite service is completed, all temporary work content (such as intermediate data and
login accounts) used in the service must be cleared. If such content must be retained for follow-
up work, written approval must be obtained from the customer.
D.After the on-site service is completed, the customer must sign the service report to confirm that
the login password has been changed

23. （Single Choice） （3Point(s)）

A computer provided by the customer is used to perform operations and maintenance on the
customer‘s network. How should the virus definitions be updated or managed in this case?
A.The customer manages the update of virus definitions.
B.Both Huawei and the customer can manage the update of virus definitions.
C.Antivirus software is installed and automatically updated. Neither Huawei nor the customer
needs to manage the update of virus definitions.
D.Huawei manages the update of virus definitions.

24. （Single Choice） （3Point(s)）

During service delivery, which of the following statements does not violate cyber security
A.Accounts and passwords can be shared or disseminated without written authorization from the
B.Embedding malicious code, malware, backdoors, or undisclosed interfaces or accounts in
provided products or services.
C.Accessing a customer‘s systems or collecting, holding, processing, or modifying any data or
information on customer networks without written authorization from the customer.
D.When the customer authorization expires, stored customer network data must be deleted and

25. （Single Choice） （3Point(s)）

Regarding the description of feedback and help related to cyber security, which of the following
A.Feedback of cyber security issues is the responsibility of employees in cyber security positions
and is not related to other employees.
B.If a cyber security or user privacy incident occurs during construction, subcontractor employees
must immediately inform the Huawei project team supervisor of the incident or contact the
C.During project construction, if a subcontract employee does not understand the cyber security
or user privacy protection requirements, the employee can contact the Huawei project team
supervisor and resume work after the employee fully understands the requirements.
 D.During project construction, subcontractors should comply with related product security
specifications and cooperate with Huawei during Huawei inspections. Any identified issues should

26. （Single Choice） （3Point(s)）

Which of the following methods is incorrect for transferring important information such as system
passwords during network maintenance?
A.Fax
B.Face to face
C.Encrypted email
D.Over the phone

27. （Single Choice） （3Point(s)）

Regarding data usage, which of the following statements is incorrect?
A.If customer network data is used in documents for external communication, discussions, or
demonstration, written authorization must be obtained from the customer. Alternatively, the data
must be anonymized unless it is from open sources.
B.Customer network data must be used only within the authorized scope and cannot be used for
other purposes or disclosed in any form.
C.Customer network data must be anonymized and cannot be directly used in case study and
D.After a project is completed, customer network data can be stored on work computers for
future communication and discussions if the customer does not expressly require the data to be

28. （Single Choice） （3Point(s)）

Which of the following customer authorization methods is incorrect?
A.Email
B.Meeting minutes
C.Oral commitment
D.Fax
E.Service request

29. （Single Choice） （3Point(s)）

Regarding the description of system account management and access rights control, which of the
following statements is incorrect?
A.For convenience, the identity and password of another user can be used to log in to the device
B.Regularly clean up device accounts that are not in use.
C.Employees remind customers to limit the access rights and apply right- and domain-based
control and least privilege principles.
D.Employees remind customers to regularly change all the passwords of the devices and ensure
that passwords meet complexity requirements.

30. （Multiple Choice） （5Point(s)）

Which of the following items in project delivery cannot be disclosed?
A.Account and password
B.Network topology
C.Device configuration
D.Technical solution
31. （Multiple Choice） （5Point(s)）
What materials should subcontractors hand over to Huawei when a subcontracting project is
A.Customer authorization document
B.Project solution
C.Network topology
D.Change records

32. （Multiple Choice） （5Point(s)）

Entry into and exit from a ( ) must comply with regulations specified by the customer or relevant
entity. Management regulations that meet customer requirements must be established for Network
Operations Centers (NOCs) and Region Network Operations Centers (RNOCs) built by Huawei.
A.Office area
B.Customer equipment room
C.Customer network management center
D.Sensitive area (for example, government or military buildings)

33. （Multiple Choice） （5Point(s)）

Which of the following statements about Huawei‘s cyber security requirements for subcontractors
A.Subcontractors must comply with Huawei‘s delivery process and cyber security redline
B.Subcontractors must strengthen the self-inspection of onsite behavior for cyber security.
C.Subcontractors must comply with cyber security regulations of the country where they are
D.Subcontractors must continuously strengthen cyber security awareness and security regulation

34. （Multiple Choice） （5Point(s)）

Which of the following operations require customers‘ prior written authorization?
A.Accessing customer networks
B.Checking device data
C.Collecting device data
D.Modifying device data

35. （Multiple Choice） （5Point(s)）

Regarding the cyber security management of subcontractors, which of the following statements are
A.Cyber security redline requirements apply only to Huawei employees, not to subcontractor
B.Subcontractor employees must not access a customer‘s systems, or collect, hold, process, or
modify any data or information on customer networks, without obtaining written authorization
C.All new suppliers involved in cyber security must pass the cyber security system qualification.
D.Subcontractor employees must comply with the rules, regulations, and management
instructions of customers and must not attack or compromise customer networks or attempt to