Free Swift CSP-Assessor Exam Questions

Question 1

How are online SwiftNet Security Officers authenticated? (Select the correct answer)•Connectivity•Generic•Products Cloud•Products OnPrem•Security

A : Via their PKI certificate

B : Via their swift.com account and secure code card

C : Via their swift.com account

Answer: B

Question 2

An application only uses (i) the SWIFT API for reporting and gpi basic tracker calls through (ii) a tailored account not allowing business transactions management. Is this application in scope of the CSCF? (Select the correct answer)•Swift Customer Security Controls Policy•Swift Customer Security Controls Framework v2025•Independent Assessment Framework•Independent Assessment Process for Assessors Guidelines•Independent Assessment Framework - High-Level Test Plan Guidelines•Outsourcing Agents - Security Requirements Baseline v2025•CSP Architecture Type - Decision tree•CSP_controls_matrix_and_high_test_plan_2025•Assessment template for Mandatory controls•Assessment template for Advisory controls•CSCF Assessment Completion Letter•Swift_CSP_Assessment_Report_Template

A : Yes, it is in scope and considered a customer connector because it reads business transaction data

B : No, it can be descoped because there is no business transaction management being performed

C : No, it is not in scope because the API connection method is not in scope of the CSP

D : Yes, it is in scope because the API connection method is less secure than SWIFT interfaces

Answer: B

Question 3

Can an assessor re-use an ISAE 3000 report dating back 2 years to support an independent assessment?

A : No, that is too old, the maximum is 18 months

B : Yes, there is no time limit for an iSAE 3000 report

C : No, the SAE 3000 report is no validsurrogateas a rule

D : Yes, provided there is no change to the Swift user's infrastructure

Answer: A

Question 4

How are online SwiftNet Security Officers authenticated? (Select the correct answer)•Connectivity•Generic•Products Cloud•Products OnPrem•Security

A : Via their PKI certificate

B : Via their swift.com account and secure code card

C : Via their swift.com account

Answer: B

Question 5

An application only uses (i) the SWIFT API for reporting and gpi basic tracker calls through (ii) a tailored account not allowing business transactions management. Is this application in scope of the CSCF? (Select the correct answer)•Swift Customer Security Controls Policy•Swift Customer Security Controls Framework v2025•Independent Assessment Framework•Independent Assessment Process for Assessors Guidelines•Independent Assessment Framework - High-Level Test Plan Guidelines•Outsourcing Agents - Security Requirements Baseline v2025•CSP Architecture Type - Decision tree•CSP_controls_matrix_and_high_test_plan_2025•Assessment template for Mandatory controls•Assessment template for Advisory controls•CSCF Assessment Completion Letter•Swift_CSP_Assessment_Report_Template

A : Yes, it is in scope and considered a customer connector because it reads business transaction data

B : No, it can be descoped because there is no business transaction management being performed

C : No, it is not in scope because the API connection method is not in scope of the CSP

D : Yes, it is in scope because the API connection method is less secure than SWIFT interfaces

Answer: B