Swift CSP-Assessor Exam Practice Test Instant Access

Question 1

What must a Swift user implement to comply with a CSCF security control?

AA solution that maps the implementation guidelines described for a controls in scope components

BA solution that meets the control objectives and addresses the risk drivers for the in scope components)

Answer : B

Question 2

What are the conditions required to permit reliance on the compliance conclusion of a control assessed in the previous year? (Choose all that apply.)

AThe control compliance conclusion must have already been relied on the past two years

BThe previous assessment was performed on the (correct) CSCF version of the previous year

CThe control definition has not changed

DThe control-design and implementation are the same

Answer : B, C, D

Question 3

Select the supporting documents to conduct a CSP assessment. (Choose all that apply.)

AThe CSP User Handbook

BThe mapping to industry standards article

CThe Controls Matrix and High Level Test P an

DThe Customer Security Controls Framework

Answer : D

Question 4

A Treasury Management System (TMS) application is installed on the same machine as the customer connector (such as MQ server) connecting towards a Service Bureau Are these applications/systems in scope of CSCF?

AThe TMS application, the MQ server and hosting system are in the scope of the CSCF and must be placed in a secure zone

BThe TMS application, the MQ server and hosting system enters the scope of the CSCF advisory and should be placed in a secure zone

COnly the MO server application is in scope of the CSCF> The TMS application is considered as back-office

DThe TMS application is the highest risk and must be secured appropriately. The MQ server should be secured on a best effort basis

Answer : A

Question 5

A Swift user has moved from one Service Bureau to another What are the obligations of the Swift user in the CSP context?

ATo inform the SB certification office at Swift WW

BTo reflect that in the next attestation cycle

CNone if there is no impact in the architecture tope

DTo submit an updated attestation reflecting this change within 3 months

Answer : D

Question 6

The cluster of VPN boxes is also called managed-customer premises equipment (M-CPE).

ATRUE

BFALSE

Answer : A

Question 7

When hesitant on the applicability of a CSCF control to a particular component? What steps should you take? (Choose all that apply.)

ACall your Swift contact

BCheck appendix F of the CSCF

CCheck carefully the Introduction section of the CSCF

DOpen a case with Swift support via the case manager on swift com if further information or solution cannot be found in the documentation

Answer : A, B, C, D

Swift Customer Security Programme Assessor Certification Exam Practice Test