
CSP-Assessor Exam Dumps - Customer Security Programme Assessor Certification (CSPAC)

Question # 17

When hesitant about the applicability of a CSCF control to a particular component, what steps should you take? (Choose all that apply.)

A. Call your Swift contact

B. Check appendix F of the CSCF

C. Check carefully the Introduction section of the CSCF

D. Open a case with Swift support via the case manager on swift.com if further information or solution cannot be found in the documentation

Question # 18

For which reasons (as per the "CSP Independent Assessment Process for Assessors Guidelines") is it required to keep minutes of all key meetings related to a CSP assessment process (examples: kick-off, scope definition, exit meeting)? (Select all answers that apply)

•Swift Customer Security Controls Policy

•Swift Customer Security Controls Framework v2025

•Independent Assessment Framework

•Independent Assessment Process for Assessors Guidelines

•Independent Assessment Framework - High-Level Test Plan Guidelines

•Outsourcing Agents - Security Requirements Baseline v2025

•CSP Architecture Type - Decision tree

•CSP_controls_matrix_and_high_test_plan_2025

•Assessment template for Mandatory controls

•Assessment template for Advisory controls

•CSCF Assessment Completion Letter

•Swift_CSP_Assessment_Report_Template

A. To support quality review (audit) processes

B. For documentation purpose

C. To keep key information that can be used as input for the next step in the assessment process

D. To be uploaded in KYC-SA at the end of the assessment (mandated by SWIFT)

Question # 19

Select the components a SwiftNet Link (SNL) may communicate with. (Choose all that apply.)

A. The Graphical User Interface

B. The VPN boxes

C. The HSM device

D. The messaging interface (such as Alliance Access)

Question # 20

The SWIFT user has installed its own Communication Interface on a dedicated virtual machine offered by a public cloud provider. Under which provider category does the public cloud provider fit, and what is the CSP impact? (Select the correct answer)

•Swift Customer Security Controls Policy

•Swift Customer Security Controls Framework v2025

•Independent Assessment Framework

•Independent Assessment Process for Assessors Guidelines

•Independent Assessment Framework - High-Level Test Plan Guidelines

•Outsourcing Agents - Security Requirements Baseline v2025

•CSP Architecture Type - Decision tree

•CSP_controls_matrix_and_high_test_plan_2025

•Assessment template for Mandatory controls

•Assessment template for Advisory controls

A. The public cloud provider is considered a L2BA provider, and therefore not in scope of the CSP

B. The public cloud provider is considered a SWIFT connectivity provider, and therefore not in scope of the CSP

C. The public cloud provider is considered an outsourcing agent, and therefore in scope of the CSP

D. This type of implementation is not allowed by the CSP

Question # 21

The SWIFT user has a local communication interface as their main channel to SWIFT. For contingency, the SWIFT user also has a connector as a backup channel. What is the architecture type for this SWIFT user? (Select the correct answer)

•Swift Customer Security Controls Policy

•Swift Customer Security Controls Framework v2025

•Independent Assessment Framework

•Independent Assessment Process for Assessors Guidelines

•Independent Assessment Framework - High-Level Test Plan Guidelines

•Outsourcing Agents - Security Requirements Baseline v2025

•CSP Architecture Type - Decision tree

•CSP_controls_matrix_and_high_test_plan_2025

•Assessment template for Mandatory controls

•Assessment template for Advisory controls

•CSCF Assessment Completion Letter

•Swift CSP Assessment Report Template

A. A1

B. A2

C. A3

D. A4

Question # 22

Is it necessary to formally explain to the Swift user the testing methodology that will be used for the CSP assessment during the kick-off?

A. Yes

B. No

Question # 23

What are the key elements that usually need to be considered by a cloud provider in an IaaS cloud model? (Select the two correct answers that apply)

•Swift Customer Security Controls Policy

•Swift Customer Security Controls Framework v2025

•Independent Assessment Framework

•Independent Assessment Process for Assessors Guidelines

•Independent Assessment Framework - High-Level Test Plan Guidelines

•Outsourcing Agents - Security Requirements Baseline v2025

•CSP Architecture Type - Decision tree

•CSP_controls_matrix_and_high_test_plan_2025

•Assessment template for Mandatory controls

•Assessment template for Advisory controls

•CSCF Assessment Completion Letter

•Swift_CSP_Assessment_Report_Template

A. The cloud provider must cover all CSCF controls applicable to the related in-scope components for which the cloud provider is responsible (such as the underlying infrastructure in line with appendix G)

B. The cloud provider must give comfort of control implementation effectiveness on the virtualization layer hosting the SWIFT users' components

C. The cloud provider must give full assurance on the change management process of the SWIFT-users' components/applications deployed by the user

D. The cloud provider must give comfort regarding the resiliency put in place to ensure continuity of SWIFT connectivity service

Question # 24

May an assessor rely on an ISAE 3000 report dating back 2 years to support a CSP independent assessment? (Select the correct answer)

•Swift Customer Security Controls Policy

•Swift Customer Security Controls Framework v2025

•Independent Assessment Framework

•Independent Assessment Process for Assessors Guidelines

•Independent Assessment Framework - High-Level Test Plan Guidelines

•Outsourcing Agents - Security Requirements Baseline v2025

•CSP Architecture Type - Decision tree

•CSP_controls_matrix_and_high_test_plan_2025

•Assessment template for Mandatory controls

•Assessment template for Advisory controls

•CSCF Assessment Completion Letter

•Swift_CSP_Assessment_Report_Template

A. No, that is too old, the maximum is 18 months

B. Yes, there is no time limit for an ISAE 3000 report

C. No, an ISAE 3000 report is no valid substitute as a rule

D. Yes, provided there is no change to the SWIFT user’s infrastructure
