[2025年04月]更新のCSP-Assessor問題集完全版解答でCustomer Security Programme (CSP)試験学習ガイド
試験問題と解答CSP-Assessor学習ガイド
Swift CSP-Assessor 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
質問 # 14
How many Swift Security Officers does an organization need at minimum?
- A. 0
- B. 1
- C. 2
- D. 3
正解:C
質問 # 15
Select the correct statement(s).
- A. The decryption operation uses the encryption private key of the receiver
- B. To verify the signature the SwiftNetLink uses the signing private key of the receiver
- C. The certificate stored on the Swift Hardware Security Module is used during the decryption operation of a message
- D. The public and private keys of a Swift certificate are stored on the Hardware Security Module
正解:A、D
質問 # 16
A Swift user has remediated an exception reported by the assessor. What are their obligations before updating and submitting an attestation reflecting the new compliance level?
- A. The first line of defense can confirm their level of compliance using a self-assessment approach
- B. None, if the remediation has been completed, a new attestation can be submitted reflecting the compliance of the control
- C. The exception must be re-assessed by the same independent assessor that raised the exception
- D. The exception must be re-assessed by an independent assessor. The assessor can be different to the one who initially raised the exception
正解:D
質問 # 17
In the illustration, identify which components are in scope of the CSCF? (Choose all that apply.)

- A. Components C, E, M
- B. Components J, K, I
- C. Components A, B, K
- D. Components F, G, H
正解:A
質問 # 18
When hesitant on the applicability of a CSCF control to a particular component? What steps should you take? (Choose all that apply.)
- A. Check appendix F of the CSCF
- B. Check carefully the Introduction section of the CSCF
- C. Call your Swift contact
- D. Open a case with Swift support via the case manager on swift com if further information or solution cannot be found in the documentation
正解:A、B、C、D
質問 # 19
Can an assessor re-use an ISAE 3000 report dating back 2 years to support an independent assessment?
- A. No, the SAE 3000 report is no valid surrogate as a rule
- B. No, that is too old, the maximum is 18 months
- C. Yes, provided there is no change to the Swift user's infrastructure
- D. Yes, there is no time limit for an iSAE 3000 report
正解:B
質問 # 20
Which operator session flows are expected to be protected in terms of confidentiality and integrity? (Choose all that apply.)
- A. All sessions to and from a jump server used to access a component in a secure zone
- B. All sessions towards a Swift related application run by an Outsourcing Agent, a Service Bureau or an L2BA Provider
- C. All sessions towards a secure zone (on-premises or hosted by a third-party or a Cloud Provider)
- D. System administrator sessions towards a host running a Swift related component
正解:A、B、C、D
質問 # 21
The internet connectivity restriction control prevents having internet access on any CSCE m-scope components.
- A. TRUE
- B. FALSE
正解:B
質問 # 22
Application Hardening basically applies the following principles. (Choose all that apply.)
- A. Reduced footprint for less potential vulnerabilities
- B. Least Privileges
- C. Access on a need to have
- D. Enhanced Straight Through Processing
正解:A、B、C
質問 # 23
Must Swift users submit a copy of their final assessment report to Swift?
- A. Yes, in cases where a customer performs an Independent assessment rather than an audit then a copy of the assessment report must be provided. However, it is not required for the Swift user to provide any forms when an Internal/External Audit is performed
- B. Yes, all documents produced from the assessment must be provided proactively to Swift
- C. No, it is not required to provide Swift with any documents by default. However, Swift can request a copy of the Assessment completion letter
- D. Yes, a copy of (only) the assessment report must be provided to Swift, no other documents
正解:C
質問 # 24
Which ones are Alliance Lite2 key components? (Choose all that apply.)
- A. A web interface
- B. A WebSphere MQ Server
- C. An AutoClient
- D. A HSM box
正解:A、C、D
質問 # 25
Which statement(s) is/are correct about the LSO/RSO accounts on a Swift Alliance Access? (Choose all that apply.)
- A. They are responsible for the configuration and management of the security functions of the server
- B. They are local Security Officers
- C. They are the business profiles that can sign the Swift financial transactions
- D. Their PKI certificates are stored either on a HSM Token or on a HSM-box
正解:A、B、D
質問 # 26
Which of the following infrastructures has the smallest Swift footprint?
- A. Full stack of products includinq IPLA
- B. Alliance Remote Gateway
- C. Alliance Lite2
- D. Full stack of products up to the Messaging Interface
正解:C
質問 # 27
Which user roles are available in Alliance Cloud by default. (Choose all that apply.)
- A. Administrator
- B. Message Management
- C. Message Security Administrator
- D. Role and Operator management
正解:A
質問 # 28
The Swift user would like to perform their CSP assessment in May for the CSCF version that will only be active as from July the same year. Is it allowed?
- A. Yes, the assessment on a particular version can start before the actual activation date
- B. No, an assessment can only be done on the active version of the CSCF
正解:B
質問 # 29
Using the outsourcing agent diagram. Which components must be placed in a secure zone? (Choose all that apply.)

- A. Component D
- B. Component C
- C. Component A
- D. Component B
正解:A、C
質問 # 30
Alliance Lite2 only supports the sending and receiving of FIN messages.
- A. TRUE
- B. FALSE
正解:B
質問 # 31
A Treasury Management System (TMS) application is installed on the same machine as the customer connector (such as MQ server) connecting towards a Service Bureau Are these applications/systems in scope of CSCF?
- A. Only the MO server application is in scope of the CSCF> The TMS application is considered as back-office
- B. The TMS application, the MQ server and hosting system are in the scope of the CSCF and must be placed in a secure zone
- C. The TMS application is the highest risk and must be secured appropriately. The MQ server should be secured on a best effort basis
- D. The TMS application, the MQ server and hosting system enters the scope of the CSCF advisory and should be placed in a secure zone
正解:B
質問 # 32
As a Swift CSP Certified Assessor. Swift contacted me to provide evidence on an assessment I have performed. This is required to support their quality assurance validation process. Is it allowed?
- A. Yes, one of the obligations of the certification programme is that quality assessment can be performed by Swift
- B. No, it's confidential
正解:A
質問 # 33
A Swift user has moved from one Service Bureau to another What are the obligations of the Swift user in the CSP context?
- A. None if there is no impact in the architecture tope
- B. To reflect that in the next attestation cycle
- C. To submit an updated attestation reflecting this change within 3 months
- D. To inform the SB certification office at Swift WW
正解:C
質問 # 34
What are the conditions required to permit reliance on the compliance conclusion of a control assessed in the previous year? (Choose all that apply.)
- A. The control-design and implementation are the same
- B. The previous assessment was performed on the (correct) CSCF version of the previous year
- C. The control definition has not changed
- D. The control compliance conclusion must have already been relied on the past two years
正解:A、B、C
質問 # 35
Select the correct statement(s) about the Swift Alliance Gateway. (Choose all that apply.)
- A. It allows the creation and/or modification of some Swift messages (depending on the types &/or formats)
- B. The Alliance Gateway can only be accessed by a SWIFTNet user
- C. It allows sharing of PKI profiles between application or individuals, through the use of virtual profiles
- D. It acts as the single window to SwiftNet messaging services by concentrating your traffic flows
正解:C、D
質問 # 36
Can a Swift user choose to implement the security controls (example: logging and monitoring) in systems which are not directly in scope of the CSCE?
- A. No
- B. Yes
正解:B
質問 # 37
......
Swift Customer Security Programme Assessor Certification無料で更新される100%試験高合格率保証:https://jp.fast2test.com/CSP-Assessor-premium-file.html