Questions for the CSP-ASSESSOR were updated on: Nov 21, 2025
Page 1 out of 4. Viewing questions 1-15 out of 57
Question 1
Is it necessary to formally explain to the Swift user the testing methodology that will be used for the CSP assessment during the kick-off?
A. Yes
B. No
Answer:
A
Question 2
Can an assessor re-use an ISAE 3000 report dating back 2 years to support an independent assessment?
A. No, that is too old, the maximum is 18 months
B. Yes, there is no time limit for an ISAE 3000 report
C. No, the ISAE 3000 report is no valid surrogate as a rule
D. Yes, provided there is no change to the Swift user's infrastructure
Answer:
A
Question 3
The Physical Security protection control is also aimed at protecting the “on call” and “working from home” employees’ equipment used to access the Swift-related components.
A. TRUE
B. FALSE
Answer:
A
Question 4
The objective of the Customer Environment Protection control is to separate the user's Swift infrastructure which restricts malicious access from the external world and from the General IT environment of the Swift user.
A. TRUE
B. FALSE
Answer:
A
Question 5
Which user roles are available in Alliance Cloud by default? (Choose all that apply.)
A. Role and Operator management
B. Message Management
C. Administrator
D. Message Security Administrator
Answer:
C
Question 6
The Alliance Web Platform Administrator uses both the GUI and command line to perform configuration and monitoring tasks on AWP SE.
A. TRUE
B. FALSE
Answer:
A
Question 7
A Swift user can only exchange FIN messages via the Swift network.
A. TRUE
B. FALSE
Answer:
B
Question 8
Which of the following infrastructures has the smallest Swift footprint?
A. Full stack of products up to the Messaging Interface
B. Alliance Remote Gateway
C. Alliance Lite2
D. Full stack of products including IPLA
Answer:
C
Question 9
The Swift user has an sFTP server to push files to an outsourcing agent hosting the Swift user's own Communication interface. What is their architecture type?
A. A1
B. B
C. A3
D. A4
Answer:
B
Question 10
What is expected regarding Token Management when (physical or software-based) tokens are used? (Choose all that apply.)
A. Similar to user accounts, individual assignment and ownership for accurate traceability and revocation in case of potential tampering, loss or in case of user role change
B. Have in place a strict token assignment process. This avoids the need to perform a regular review of assigned tokens
C. Individuals must not share their tokens. Tokens must remain under the control and supervision of their owner
D. All tokens must be stored in a safe when not used
Answer:
A, C
Question 11
A Swift user has remediated an exception reported by the assessor. What are their obligations before updating and submitting an attestation reflecting the new compliance level?
A. The exception must be re-assessed by an independent assessor. The assessor can be different to the one who initially raised the exception
B. The exception must be re-assessed by the same independent assessor that raised the exception
C. The first line of defense can confirm their level of compliance using a self-assessment approach
D. None, if the remediation has been completed, a new attestation can be submitted reflecting the compliance of the control
Answer:
A
Question 12
The only type of HSM devices offered by Swift are HSM tokens and HSM boxes.
A. TRUE
B. FALSE
Answer:
A
Question 13
Must all CSCF controls be subject to an assessment?
A. Yes
B. No, only the mandatory controls
C. No, only the attested controls (with as a minimum the mandatory ones)
D. No, the control selection is defined between the Swift User and their assessor
Answer:
B
Question 14
As a Swift CSP Certified Assessor, I left the listed provider and started to work independently. Can I continue to perform CSP assessments?
A. Yes, during the certification validity period
B. No, this is not allowed
C. Yes, but not as a Swift CSP Certified assessor
D. No, except if Swift formally provides you permission
Answer:
C
Question 15
Which statement(s) is/are correct about the LSO/RSO accounts on a Swift Alliance Access? (Choose all that apply.)
A. They are local Security Officers
B. Their PKI certificates are stored either on an HSM Token or on an HSM-box
C. They are the business profiles that can sign the Swift financial transactions
D. They are responsible for the configuration and management of the security functions of the server