CSP-Assessor Dumps with Practice Exam Questions Answers
CSP-Assessor by Customer Security Programme (CSP) Actual Free Exam Practice Test
Swift CSP-Assessor Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
NEW QUESTION # 28
Using the outsourcing agent diagram. Which components must be placed in a secure zone? (Choose all that apply.)

- A. Component D
- B. Component A
- C. Component C
- D. Component B
Answer: A,B
NEW QUESTION # 29
The only type of HSM devices offered by Swift are HSM tokens and HSM boxes.
- A. FALSE
- B. TRUE
Answer: B
NEW QUESTION # 30
Can an assessor re-use an ISAE 3000 report dating back 2 years to support an independent assessment?
- A. No, that is too old, the maximum is 18 months
- B. No, the SAE 3000 report is no valid surrogate as a rule
- C. Yes, provided there is no change to the Swift user's infrastructure
- D. Yes, there is no time limit for an iSAE 3000 report
Answer: A
NEW QUESTION # 31
Which encryption methods are used to secure the communications between the SNL host and HSM boxes?
- A. NTLS and SSH
- B. MPLS and SSL
- C. NTLS and Telnet
- D. Telnet and SSL
Answer: A
NEW QUESTION # 32
A Swift user uses an application integrating a sFTP client to push files to a service bureau sFTP server What architecture type is the Swift user? (Choose all that apply.)
- A. A1
- B. B
- C. A4
- D. A3
Answer: B,D
NEW QUESTION # 33
Which of the following statements best describe valid implementations when implementing control 2.9 Transaction Business Controls? (Choose all that apply.)
- A. Multiple measures must be implemented by the Swift user to validate the flows of transactions are in the bounds of the normal expected business
- B. Reliance on a recent business assessment or regulator response confirming the effectiveness of the control (as an example CPMI's_ requirement) is especially poignant to this control
- C. A customer designed implementation or a combination of different measures are deemed valid if they sufficiently mitigate the control risks
- D. Any solutions is acceptable so long as the CISO approves the implementation
Answer: A,B,C
NEW QUESTION # 34
Can a Swift user choose to implement the security controls (example: logging and monitoring) in systems which are not directly in scope of the CSCE?
- A. Yes
- B. No
Answer: A
NEW QUESTION # 35
In an entity having a small infrastructure and only 2 operators, the HR manager explains in a short interview how the security training is implemented providing one example. Would it be acceptable?
- A. Yes. it's a risk based testing approach this can be enough in this case
- B. No. more evidence are required
Answer: A
NEW QUESTION # 36
A Swift user relies on a sFTP server to connect through an externally exposed connection with a service provider or a group hub What architecture type is the Swift user? (Choose all that apply.)
- A. A1
- B. A4
- C. A2
- D. A3
Answer: B,C
NEW QUESTION # 37
What does the CSCF expect in terms of Database Integrity? (Choose all that apply.)
- A. Alerts generated from performed integrity checks are captured and analysed for appropriate treatment
- B. Nothing is needed when the messaging or connector integrates/embeds an integrity check functionality at each Swift transaction record level.
- C. When a database is used by a messaging interface or connector, the related hosted database and its supporting system must be protected as a Swift-related component and exceptions alerted
Answer: A,C
NEW QUESTION # 38
In the illustration, identify which components are in scope of the CSCF? (Choose all that apply.)

- A. Components F, G, H
- B. Components A, B, K
- C. Components C, E, M
- D. Components J, K, I
Answer: C
NEW QUESTION # 39
The internet connectivity restriction control prevents having internet access on any CSCE m-scope components.
- A. TRUE
- B. FALSE
Answer: B
NEW QUESTION # 40
How are online SwiftNet Security Officers authenticated?
- A. Via their swift.com account and secure code card
- B. Via their PKI certificate
- C. Via their swift.com account
Answer: B
NEW QUESTION # 41
The Swift secure zone is composed of a Swift connector, a middleware server and a back office system Is the selection of only one of the above components a representative sample based on the High-Level Test Plan (HLTP) guidelines?
- A. No
- B. Yes
Answer: A
NEW QUESTION # 42
Which operator session flows are expected to be protected in terms of confidentiality and integrity? (Choose all that apply.)
- A. All sessions to and from a jump server used to access a component in a secure zone
- B. System administrator sessions towards a host running a Swift related component
- C. All sessions towards a Swift related application run by an Outsourcing Agent, a Service Bureau or an L2BA Provider
- D. All sessions towards a secure zone (on-premises or hosted by a third-party or a Cloud Provider)
Answer: A,B,C,D
NEW QUESTION # 43
The objective of the Customer Environment Protection control is to separate the user's Swift infrastructure which restricts malicious access from the external world and from the General IT environment of the Swift user.
- A. FALSE
- B. TRUE
Answer: B
NEW QUESTION # 44
The Swift user has an sFTP server to push files to an outsourcing agent hosting the Swift users own Communication interface. What is their architecture type?
- A. A1
- B. B
- C. A4
- D. A3
Answer: B
NEW QUESTION # 45
What are the conditions required to permit reliance on the compliance conclusion of a control assessed in the previous year? (Choose all that apply.)
- A. The control-design and implementation are the same
- B. The previous assessment was performed on the (correct) CSCF version of the previous year
- C. The control definition has not changed
- D. The control compliance conclusion must have already been relied on the past two years
Answer: A,B,C
NEW QUESTION # 46
Can an internal audit department submit and approve their Swift user's attestation on the KYC-SA Swift portal?
- A. Yes, an internal auditor can submit the attestation for approval provided they have the appropriate credentials for switt.com. The CISO remains in charge of the approval of the attestation
- B. Yes, providing this is agreed by the head of IT operations and the CISO
- C. Yes, with approval from the Chief auditor
- D. No, this is never an option
Answer: A
NEW QUESTION # 47
Where is the implementation of multi-factor authentication deemed sufficient to support control 4.2 compliance? (Choose all that apply.)
- A. When logging-in on an interface, a connector, or the system running such component
- B. On the General Operator PC used to access a Swift-related component
- C. When login on the jump server filtering access to local Swift secure zone
- D. When accessing an outsourcing agent or an L2BA Swift-related application
Answer: A,B,C,D
NEW QUESTION # 48
What must a Swift user implement to comply with a CSCF security control?
- A. A solution that maps the implementation guidelines described for a controls in scope components
- B. A solution that meets the control objectives and addresses the risk drivers for the in scope components)
Answer: B
NEW QUESTION # 49
Which statement(s) is/are correct about the LSO/RSO accounts on a Swift Alliance Access? (Choose all that apply.)
- A. They are the business profiles that can sign the Swift financial transactions
- B. They are local Security Officers
- C. They are responsible for the configuration and management of the security functions of the server
- D. Their PKI certificates are stored either on a HSM Token or on a HSM-box
Answer: B,C,D
NEW QUESTION # 50
......
Free Customer Security Programme (CSP) CSP-Assessor Exam Question: https://www.prep4sureguide.com/CSP-Assessor-prep4sure-exam-guide.html
CSP-Assessor dumps & Customer Security Programme (CSP) sure practice dumps: https://drive.google.com/open?id=1LqL6Xui6x_5IZNMxXbEDAfZwyuoPG9wM