[2025年04月] CSP-Assessor 問題集完全版解答 Customer Security Programme (CSP) 試験学習ガイド [Q14-Q38]

Share

[2025年04月]更新のCSP-Assessor問題集完全版解答でCustomer Security Programme (CSP)試験学習ガイド

試験問題と解答CSP-Assessor学習ガイド


Swift CSP-Assessor 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • Understanding the methodology and assessment deliverables: This section is designed for independent auditors working with Swift systems. It tests the candidate's grasp of the Assessor's role and obligations when conducting a CSP assessment. The section evaluates knowledge of key elements to consider during the assessment process.
トピック 2
  • Understanding Swift: This section of the exam measures the skills of Swift network administrators and covers Swift's crucial role in the international financial community, including the structure and operations of the Swift network and its infrastructure.
トピック 3
  • Understanding the Swift Customer Security Programme: This domain is targeted at compliance officers, and risk managers involved in Swift operations. It evaluates the candidate's comprehension of the CSP controls framework and their ability to determine the appropriate architecture type and related scope as outlined in the Customer Security Controls Framework (CSCF).

 

質問 # 14
How many Swift Security Officers does an organization need at minimum?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

正解:C


質問 # 15
Select the correct statement(s).

  • A. The decryption operation uses the encryption private key of the receiver
  • B. To verify the signature the SwiftNetLink uses the signing private key of the receiver
  • C. The certificate stored on the Swift Hardware Security Module is used during the decryption operation of a message
  • D. The public and private keys of a Swift certificate are stored on the Hardware Security Module

正解:A、D


質問 # 16
A Swift user has remediated an exception reported by the assessor. What are their obligations before updating and submitting an attestation reflecting the new compliance level?

  • A. The first line of defense can confirm their level of compliance using a self-assessment approach
  • B. None, if the remediation has been completed, a new attestation can be submitted reflecting the compliance of the control
  • C. The exception must be re-assessed by the same independent assessor that raised the exception
  • D. The exception must be re-assessed by an independent assessor. The assessor can be different to the one who initially raised the exception

正解:D


質問 # 17
In the illustration, identify which components are in scope of the CSCF? (Choose all that apply.)

  • A. Components C, E, M
  • B. Components J, K, I
  • C. Components A, B, K
  • D. Components F, G, H

正解:A


質問 # 18
When hesitant on the applicability of a CSCF control to a particular component? What steps should you take? (Choose all that apply.)

  • A. Check appendix F of the CSCF
  • B. Check carefully the Introduction section of the CSCF
  • C. Call your Swift contact
  • D. Open a case with Swift support via the case manager on swift com if further information or solution cannot be found in the documentation

正解:A、B、C、D


質問 # 19
Can an assessor re-use an ISAE 3000 report dating back 2 years to support an independent assessment?

  • A. No, the SAE 3000 report is no valid surrogate as a rule
  • B. No, that is too old, the maximum is 18 months
  • C. Yes, provided there is no change to the Swift user's infrastructure
  • D. Yes, there is no time limit for an iSAE 3000 report

正解:B


質問 # 20
Which operator session flows are expected to be protected in terms of confidentiality and integrity? (Choose all that apply.)

  • A. All sessions to and from a jump server used to access a component in a secure zone
  • B. All sessions towards a Swift related application run by an Outsourcing Agent, a Service Bureau or an L2BA Provider
  • C. All sessions towards a secure zone (on-premises or hosted by a third-party or a Cloud Provider)
  • D. System administrator sessions towards a host running a Swift related component

正解:A、B、C、D


質問 # 21
The internet connectivity restriction control prevents having internet access on any CSCE m-scope components.

  • A. TRUE
  • B. FALSE

正解:B


質問 # 22
Application Hardening basically applies the following principles. (Choose all that apply.)

  • A. Reduced footprint for less potential vulnerabilities
  • B. Least Privileges
  • C. Access on a need to have
  • D. Enhanced Straight Through Processing

正解:A、B、C


質問 # 23
Must Swift users submit a copy of their final assessment report to Swift?

  • A. Yes, in cases where a customer performs an Independent assessment rather than an audit then a copy of the assessment report must be provided. However, it is not required for the Swift user to provide any forms when an Internal/External Audit is performed
  • B. Yes, all documents produced from the assessment must be provided proactively to Swift
  • C. No, it is not required to provide Swift with any documents by default. However, Swift can request a copy of the Assessment completion letter
  • D. Yes, a copy of (only) the assessment report must be provided to Swift, no other documents

正解:C


質問 # 24
Which ones are Alliance Lite2 key components? (Choose all that apply.)

  • A. A web interface
  • B. A WebSphere MQ Server
  • C. An AutoClient
  • D. A HSM box

正解:A、C、D


質問 # 25
Which statement(s) is/are correct about the LSO/RSO accounts on a Swift Alliance Access? (Choose all that apply.)

  • A. They are responsible for the configuration and management of the security functions of the server
  • B. They are local Security Officers
  • C. They are the business profiles that can sign the Swift financial transactions
  • D. Their PKI certificates are stored either on a HSM Token or on a HSM-box

正解:A、B、D


質問 # 26
Which of the following infrastructures has the smallest Swift footprint?

  • A. Full stack of products includinq IPLA
  • B. Alliance Remote Gateway
  • C. Alliance Lite2
  • D. Full stack of products up to the Messaging Interface

正解:C


質問 # 27
Which user roles are available in Alliance Cloud by default. (Choose all that apply.)

  • A. Administrator
  • B. Message Management
  • C. Message Security Administrator
  • D. Role and Operator management

正解:A


質問 # 28
The Swift user would like to perform their CSP assessment in May for the CSCF version that will only be active as from July the same year. Is it allowed?

  • A. Yes, the assessment on a particular version can start before the actual activation date
  • B. No, an assessment can only be done on the active version of the CSCF

正解:B


質問 # 29
Using the outsourcing agent diagram. Which components must be placed in a secure zone? (Choose all that apply.)

  • A. Component D
  • B. Component C
  • C. Component A
  • D. Component B

正解:A、C


質問 # 30
Alliance Lite2 only supports the sending and receiving of FIN messages.

  • A. TRUE
  • B. FALSE

正解:B


質問 # 31
A Treasury Management System (TMS) application is installed on the same machine as the customer connector (such as MQ server) connecting towards a Service Bureau Are these applications/systems in scope of CSCF?

  • A. Only the MO server application is in scope of the CSCF> The TMS application is considered as back-office
  • B. The TMS application, the MQ server and hosting system are in the scope of the CSCF and must be placed in a secure zone
  • C. The TMS application is the highest risk and must be secured appropriately. The MQ server should be secured on a best effort basis
  • D. The TMS application, the MQ server and hosting system enters the scope of the CSCF advisory and should be placed in a secure zone

正解:B


質問 # 32
As a Swift CSP Certified Assessor. Swift contacted me to provide evidence on an assessment I have performed. This is required to support their quality assurance validation process. Is it allowed?

  • A. Yes, one of the obligations of the certification programme is that quality assessment can be performed by Swift
  • B. No, it's confidential

正解:A


質問 # 33
A Swift user has moved from one Service Bureau to another What are the obligations of the Swift user in the CSP context?

  • A. None if there is no impact in the architecture tope
  • B. To reflect that in the next attestation cycle
  • C. To submit an updated attestation reflecting this change within 3 months
  • D. To inform the SB certification office at Swift WW

正解:C


質問 # 34
What are the conditions required to permit reliance on the compliance conclusion of a control assessed in the previous year? (Choose all that apply.)

  • A. The control-design and implementation are the same
  • B. The previous assessment was performed on the (correct) CSCF version of the previous year
  • C. The control definition has not changed
  • D. The control compliance conclusion must have already been relied on the past two years

正解:A、B、C


質問 # 35
Select the correct statement(s) about the Swift Alliance Gateway. (Choose all that apply.)

  • A. It allows the creation and/or modification of some Swift messages (depending on the types &/or formats)
  • B. The Alliance Gateway can only be accessed by a SWIFTNet user
  • C. It allows sharing of PKI profiles between application or individuals, through the use of virtual profiles
  • D. It acts as the single window to SwiftNet messaging services by concentrating your traffic flows

正解:C、D


質問 # 36
Can a Swift user choose to implement the security controls (example: logging and monitoring) in systems which are not directly in scope of the CSCE?

  • A. No
  • B. Yes

正解:B


質問 # 37
......

Swift Customer Security Programme Assessor Certification無料で更新される100%試験高合格率保証:https://jp.fast2test.com/CSP-Assessor-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어