Free Swift CSP-Assessor Exam Questions

Question 1

For which reasons (as per the "CSP Independent Assessment Process for Assessors Guidelines") is it required to keep minutes of all key meetings related to a CSP assessment process (examples: kick-off, scope definition, exit meeting)? (Select all answers that apply)•Swift Customer Security Controls Policy•Swift Customer Security Controls Framework v2025•Independent Assessment Framework•Independent Assessment Process for Assessors Guidelines•Independent Assessment Framework - High-Level Test Plan Guidelines•Outsourcing Agents - Security Requirements Baseline v2025•CSP Architecture Type - Decision tree•CSP_controls_matrix_and_high_test_plan_2025•Assessment template for Mandatory controls•Assessment template for Advisory controls•CSCF Assessment Completion Letter•Swift_CSP_Assessment_Report_Template

A : To support quality review (audit) processes

B : For documentation purpose

C : To keep key information that can be used as input for the next step in the assessment process

D : To be uploaded in KYC-SA at the end of the assessment (mandated by SWIFT)

Answer: A,B,C

Question 2

A Swift user has moved from one Service Bureau to another What are the obligations of the Swift user in the CSP context?

A : To inform the SB certification office at Swift WW

B : To reflect that in the next attestation cycle

C : None if there is no impact in the architecture tope

D : To submit an updated attestation reflecting this change within 3 months

Answer: D

Question 3

A Treasury Management System (TMS) application is installed on the same machine as the customer connector, connecting to a Service Bureau. Are these applications/systems in scope of CSCF? (Select the correct answer)•Swift Customer Security Controls Policy•Swift Customer Security Controls Framework v2025•Independent Assessment Framework•Independent Assessment Process for Assessors Guidelines•Independent Assessment Framework - High-Level Test Plan Guidelines•Outsourcing Agents - Security Requirements Baseline v2025•CSP Architecture Type - Decision tree•CSP_controls_matrix_and_high_test_plan_2025•Assessment template for Mandatory controls•Assessment template for Advisory controls•CSCF Assessment Completion Letter•Swift_CSP_Assessment_Report_Template

A : The TMS application, the customer connector, and the hosting system are in the scope of the CSCF

B : Only the customer connector application is in scope of the CSCF. The TMS application is a back-office

C : The TMS application is the highest risk and must be secured appropriately. The customer connector should be secured on a best effort basis

D : The TMS application, the customer connector, and the hosting system are in scope only if they connect directly to SWIFT, not towards a Service Bureau

Answer: A

Question 4

For which reasons (as per the "CSP Independent Assessment Process for Assessors Guidelines") is it required to keep minutes of all key meetings related to a CSP assessment process (examples: kick-off, scope definition, exit meeting)? (Select all answers that apply)•Swift Customer Security Controls Policy•Swift Customer Security Controls Framework v2025•Independent Assessment Framework•Independent Assessment Process for Assessors Guidelines•Independent Assessment Framework - High-Level Test Plan Guidelines•Outsourcing Agents - Security Requirements Baseline v2025•CSP Architecture Type - Decision tree•CSP_controls_matrix_and_high_test_plan_2025•Assessment template for Mandatory controls•Assessment template for Advisory controls•CSCF Assessment Completion Letter•Swift_CSP_Assessment_Report_Template

A : To support quality review (audit) processes

B : For documentation purpose

C : To keep key information that can be used as input for the next step in the assessment process

D : To be uploaded in KYC-SA at the end of the assessment (mandated by SWIFT)

Answer: A,B,C

Question 5

An application only uses (i) the SWIFT API for reporting and gpi basic tracker calls through (ii) a tailored account not allowing business transactions management. Is this application in scope of the CSCF? (Select the correct answer)•Swift Customer Security Controls Policy•Swift Customer Security Controls Framework v2025•Independent Assessment Framework•Independent Assessment Process for Assessors Guidelines•Independent Assessment Framework - High-Level Test Plan Guidelines•Outsourcing Agents - Security Requirements Baseline v2025•CSP Architecture Type - Decision tree•CSP_controls_matrix_and_high_test_plan_2025•Assessment template for Mandatory controls•Assessment template for Advisory controls•CSCF Assessment Completion Letter•Swift_CSP_Assessment_Report_Template

A : Yes, it is in scope and considered a customer connector because it reads business transaction data

B : No, it can be descoped because there is no business transaction management being performed

C : No, it is not in scope because the API connection method is not in scope of the CSP

D : Yes, it is in scope because the API connection method is less secure than SWIFT interfaces

Answer: B