Question 1

Must all CSCF controls be subject to an assessment?

Options :

A : Yes

B : No, only the mandatory controls

C : No, only the attested controls (with as a minimum the mandatory ones]

D : No, the control selection is defined between the Swift User and their assessor

Answer: C

Question 2

How are online SwiftNet Security Officers authenticated? (Select the correct answer)

•Connectivity

•Generic

•Products Cloud

•Products OnPrem

•Security

Options :

A : Via their PKI certificate

B : Via their swift.com account and secure code card

C : Via their swift.com account

Answer: B

Question 3

An application only uses (i) the SWIFT API for reporting and gpi basic tracker calls through (ii) a tailored account not allowing business transactions management. Is this application in scope of the CSCF? (Select the correct answer)

•Swift Customer Security Controls Policy

•Swift Customer Security Controls Framework v2025

•Independent Assessment Framework

•Independent Assessment Process for Assessors Guidelines

•Independent Assessment Framework - High-Level Test Plan Guidelines

•Outsourcing Agents - Security Requirements Baseline v2025

•CSP Architecture Type - Decision tree

•CSP_controls_matrix_and_high_test_plan_2025

•Assessment template for Mandatory controls

•Assessment template for Advisory controls

•CSCF Assessment Completion Letter

•Swift_CSP_Assessment_Report_Template

Options :

A : Yes, it is in scope and considered a customer connector because it reads business transaction data

B : No, it can be descoped because there is no business transaction management being performed

C : No, it is not in scope because the API connection method is not in scope of the CSP

D : Yes, it is in scope because the API connection method is less secure than SWIFT interfaces

Answer: B

Question 4

The only type of HSM devices offered by Swift are HSM tokens and HSM boxes.

Options :

A : TRUE

B : FALSE

Answer: A

Question 5

The SWIFT user has a local communication interface as their main channel to SWIFT. For contingency, the SWIFT user also has a connector as a backup channel. What is the architecture type for this SWIFT user? (Select the correct answer)

•Swift Customer Security Controls Policy

•Swift Customer Security Controls Framework v2025

•Independent Assessment Framework

•Independent Assessment Process for Assessors Guidelines

•Independent Assessment Framework - High-Level Test Plan Guidelines

•Outsourcing Agents - Security Requirements Baseline v2025

•CSP Architecture Type - Decision tree

•CSP_controls_matrix_and_high_test_plan_2025

•Assessment template for Mandatory controls

•Assessment template for Advisory controls

•CSCF Assessment Completion Letter

•Swift CSP Assessment Report Template

Options :

A : A1

B : A2

C : A3

D : A4

Answer: B

Free CSP-Assessor Mock Exam – Practice Online Confidently

Buying Options: