swift csp-assessor practice test

How are online SwiftNet Security Officers authenticated?

• A. Via their PKI certificate
• B. Via their swift.com account and secure code card
• C. Via their swift.com account

Select the correct statement about Alliance Gateway.

• A. It is used to exchange messages over the Swift network
• B. It is used to create messages to send over the Swift network

When hesitant on the applicability of a CSCF control to a particular component? What steps should
you take? (Choose all that apply.)

• A. Call your Swift contact
• B. Check appendix F of the CSCF
• C. Check carefully the Introduction section of the CSCF
• D. Open a case with Swift support via the case manager on swift com if further information or solution cannot be found in the documentation

The cluster of VPN boxes is also called managed-customer premises equipment (M-CPE).

• A. TRUE
• B. FALSE

The Swift user would like to perform their CSP assessment in May for the CSCF version that will only
be active as from July the same year. Is it allowed?

• A. No, an assessment can only be done on the active version of the CSCF
• B. Yes, the assessment on a particular version can start before the actual activation date

Which encryption methods are used to secure the communications between the SNL host and HSM
boxes?

• A. NTLS and SSH
• B. Telnet and SSL
• C. NTLS and Telnet
• D. MPLS and SSL

Which of the following statements best describe valid implementations when implementing control
2.9 Transaction Business Controls? (Choose all that apply.)

• A. Multiple measures must be implemented by the Swift user to validate the flows of transactions are in the bounds of the normal expected business
• B. A customer designed implementation or a combination of different measures are deemed valid if they sufficiently mitigate the control risks
• C. Reliance on a recent business assessment or regulator response confirming the effectiveness of the control (as an example CPMI's_ requirement) is especially poignant to this control
• D. Any solutions is acceptable so long as the CISO approves the implementation

A detailed CSP assessment report has been provided to the Swift user following the assessment. Is a
completion letter also mandated to be supplied?

• A. Yes
• B. No

Is the control 2. 11 "RMA Business Controls” only about the process of validating the defined
counterparty relationships?

• A. Yes
• B. No

As a Swift CSP Certified Assessor. Swift contacted me to provide evidence on an assessment I have
performed. This is required to support their quality assurance validation process. Is it allowed?

• A. Yes, one of the obligations of the certification programme is that quality assessment can be performed by Swift
• B. No, it's confidential