Free Swift CSP-Assessor Exam Questions

Question 1

When hesitant on the applicability of a CSCF control to a particular component? What steps should you take? (Choose all that apply.)

A : Call your Swift contact

B : Check appendix F of the CSCF

C : Check carefully the Introduction section of the CSCF

D : Open a case with Swift support via the case manager on swift com if further information or solution cannot be found in the documentation

Answer: A,B,C,D

Question 2

An application only uses (i) the SWIFT API for reporting and gpi basic tracker calls through (ii) a tailored account not allowing business transactions management. Is this application in scope of the CSCF? (Select the correct answer)•Swift Customer Security Controls Policy•Swift Customer Security Controls Framework v2025•Independent Assessment Framework•Independent Assessment Process for Assessors Guidelines•Independent Assessment Framework - High-Level Test Plan Guidelines•Outsourcing Agents - Security Requirements Baseline v2025•CSP Architecture Type - Decision tree•CSP_controls_matrix_and_high_test_plan_2025•Assessment template for Mandatory controls•Assessment template for Advisory controls•CSCF Assessment Completion Letter•Swift_CSP_Assessment_Report_Template

A : Yes, it is in scope and considered a customer connector because it reads business transaction data

B : No, it can be descoped because there is no business transaction management being performed

C : No, it is not in scope because the API connection method is not in scope of the CSP

D : Yes, it is in scope because the API connection method is less secure than SWIFT interfaces

Answer: B

Question 3

What are the possible impacts for a SWIFT user to be non-compliant to CSP? (Select the two correct answers that apply)•Swift Customer Security Controls Policy•Swift Customer Security Controls Framework v2025•Independent Assessment Framework•Independent Assessment Process for Assessors Guidelines•Independent Assessment Framework - High-Level Test Plan Guidelines•Outsourcing Agents - Security Requirements Baseline v2025•CSP Architecture Type - Decision tree•CSP_controls_matrix_and_high_test_plan_2025•Assessment template for Mandatory controls•Assessment template for Advisory controls•CSCF Assessment Completion Letter•Swift_CSP_Assessment_Report_Template

A : To be reported to their supervisors (if applicable)

B : To be seen as non-compliant to their counterparts in KYC-SA

C : To be contacted by SWIFT to provide the CSP assessment report and detailed information about the reason of non-compliance

D : To be delisted from the BIC directory

Answer: B,C

Question 4

A Swift user has moved from one Service Bureau to another What are the obligations of the Swift user in the CSP context?

A : To inform the SB certification office at Swift WW

B : To reflect that in the next attestation cycle

C : None if there is no impact in the architecture tope

D : To submit an updated attestation reflecting this change within 3 months

Answer: D

Question 5

A Treasury Management System (TMS) application is installed on the same machine as the customer connector, connecting to a Service Bureau. Are these applications/systems in scope of CSCF? (Select the correct answer)•Swift Customer Security Controls Policy•Swift Customer Security Controls Framework v2025•Independent Assessment Framework•Independent Assessment Process for Assessors Guidelines•Independent Assessment Framework - High-Level Test Plan Guidelines•Outsourcing Agents - Security Requirements Baseline v2025•CSP Architecture Type - Decision tree•CSP_controls_matrix_and_high_test_plan_2025•Assessment template for Mandatory controls•Assessment template for Advisory controls•CSCF Assessment Completion Letter•Swift_CSP_Assessment_Report_Template

A : The TMS application, the customer connector, and the hosting system are in the scope of the CSCF

B : Only the customer connector application is in scope of the CSCF. The TMS application is a back-office

C : The TMS application is the highest risk and must be secured appropriately. The customer connector should be secured on a best effort basis

D : The TMS application, the customer connector, and the hosting system are in scope only if they connect directly to SWIFT, not towards a Service Bureau

Answer: A