[Mar 20, 2025] CSP-Assessor Sample with Accurate & Updated Questions [Q31-Q55]

[Mar 20, 2025] CSP-Assessor Sample with Accurate & Updated Questions

CSP-Assessor Exam Info and Free Practice Test | VCEDumps

NEW QUESTION # 31
Is the control 2. 11 "RMA Business Controls" only about the process of validating the defined counterparty relationships?

• A. No
• B. Yes

Answer: A

NEW QUESTION # 32
Which encryption methods are used to secure the communications between the SNL host and HSM boxes?

• A. NTLS and Telnet
• B. Telnet and SSL
• C. MPLS and SSL
• D. NTLS and SSH

Answer: D

NEW QUESTION # 33
Which user roles are available in Alliance Cloud by default. (Choose all that apply.)

• A. Message Management
• B. Role and Operator management
• C. Administrator
• D. Message Security Administrator

Answer: C

NEW QUESTION # 34
The Swift secure zone is composed of a Swift connector, a middleware server and a back office system Is the selection of only one of the above components a representative sample based on the High-Level Test Plan (HLTP) guidelines?

• A. No
• B. Yes

Answer: A

NEW QUESTION # 35
The Swift user would like to perform their CSP assessment in May for the CSCF version that will only be active as from July the same year. Is it allowed?

• A. No, an assessment can only be done on the active version of the CSCF
• B. Yes, the assessment on a particular version can start before the actual activation date

Answer: A

NEW QUESTION # 36
Can a Swift user choose to implement the security controls (example: logging and monitoring) in systems which are not directly in scope of the CSCE?

• A. No
• B. Yes

Answer: B

NEW QUESTION # 37
The Swift user has an sFTP server to push files to an outsourcing agent hosting the Swift users own Communication interface. What is their architecture type?

• A. A1
• B. A3
• C. B
• D. A4

Answer: C

NEW QUESTION # 38
As a Swift CSP Certified Assessor, I left the listed provider and started to work independently. Can I continue to perform CSP assessments?

• A. Yes. but not as a Swift CSP Certified assessor
• B. Yes. during the certification validity period
• C. No, this is not allowed
• D. [No, except if Swift formally provides you permission

Answer: A

NEW QUESTION # 39
The cluster of VPN boxes is also called managed-customer premises equipment (M-CPE).

• A. TRUE
• B. FALSE

Answer: A

NEW QUESTION # 40
The objective of the Customer Environment Protection control is to separate the user's Swift infrastructure which restricts malicious access from the external world and from the General IT environment of the Swift user.

• A. TRUE
• B. FALSE

Answer: A

NEW QUESTION # 41
Which operator session flows are expected to be protected in terms of confidentiality and integrity? (Choose all that apply.)

• A. All sessions towards a Swift related application run by an Outsourcing Agent, a Service Bureau or an L2BA Provider
• B. All sessions towards a secure zone (on-premises or hosted by a third-party or a Cloud Provider)
• C. System administrator sessions towards a host running a Swift related component
• D. All sessions to and from a jump server used to access a component in a secure zone

Answer: A,B,C,D

NEW QUESTION # 42
What must a Swift user implement to comply with a CSCF security control?

• A. A solution that meets the control objectives and addresses the risk drivers for the in scope components)
• B. A solution that maps the implementation guidelines described for a controls in scope components

Answer: A

NEW QUESTION # 43
A Swift user uses an application integrating a sFTP client to push files to a service bureau sFTP server What architecture type is the Swift user? (Choose all that apply.)

• A. A1
• B. A3
• C. B
• D. A4

Answer: B,C

NEW QUESTION # 44
How are online SwiftNet Security Officers authenticated?

• A. Via their swift.com account and secure code card
• B. Via their PKI certificate
• C. Via their swift.com account

Answer: B

NEW QUESTION # 45
Select the correct statement about Alliance Gateway.

• A. It is used to exchange messages over the Swift network
• B. It is used to create messages to send over the Swift network

Answer: A

NEW QUESTION # 46
A Treasury Management System (TMS) application is installed on the same machine as the customer connector (such as MQ server) connecting towards a Service Bureau Are these applications/systems in scope of CSCF?

• A. The TMS application is the highest risk and must be secured appropriately. The MQ server should be secured on a best effort basis
• B. The TMS application, the MQ server and hosting system are in the scope of the CSCF and must be placed in a secure zone
• C. The TMS application, the MQ server and hosting system enters the scope of the CSCF advisory and should be placed in a secure zone
• D. Only the MO server application is in scope of the CSCF> The TMS application is considered as back-office

Answer: B

NEW QUESTION # 47
In the illustration, identify which components are in scope of the CSCF? (Choose all that apply.)

• A. Components J, K, I
• B. Components A, B, K
• C. Components C, E, M
• D. Components F, G, H

Answer: C

NEW QUESTION # 48
How many Swift Security Officers does an organization need at minimum?

• A. 0
• B. 1
• C. 2
• D. 3

Answer: C

NEW QUESTION # 49
Select the correct statement(s) about the Swift Alliance Gateway. (Choose all that apply.)

• A. It allows the creation and/or modification of some Swift messages (depending on the types &/or formats)
• B. It allows sharing of PKI profiles between application or individuals, through the use of virtual profiles
• C. It acts as the single window to SwiftNet messaging services by concentrating your traffic flows
• D. The Alliance Gateway can only be accessed by a SWIFTNet user

Answer: B,C

NEW QUESTION # 50
When hesitant on the applicability of a CSCF control to a particular component? What steps should you take? (Choose all that apply.)

• A. Check appendix F of the CSCF
• B. Check carefully the Introduction section of the CSCF
• C. Call your Swift contact
• D. Open a case with Swift support via the case manager on swift com if further information or solution cannot be found in the documentation

Answer: A,B,C,D

NEW QUESTION # 51
What type of control effectiveness needs to be validated for an independent assessment?

• A. An independent assessment is a point in time review with possible reviews of older evidence as appropriate
• B. None of the above
• C. Operational effectiveness needs to be validated
• D. Effectiveness is never validated only the control design

Answer: C

NEW QUESTION # 52
Where is the implementation of multi-factor authentication deemed sufficient to support control 4.2 compliance? (Choose all that apply.)

• A. On the General Operator PC used to access a Swift-related component
• B. When login on the jump server filtering access to local Swift secure zone
• C. When logging-in on an interface, a connector, or the system running such component
• D. When accessing an outsourcing agent or an L2BA Swift-related application

Answer: A,B,C,D

NEW QUESTION # 53
Can an internal audit department submit and approve their Swift user's attestation on the KYC-SA Swift portal?

• A. Yes, providing this is agreed by the head of IT operations and the CISO
• B. Yes, an internal auditor can submit the attestation for approval provided they have the appropriate credentials for switt.com. The CISO remains in charge of the approval of the attestation
• C. No, this is never an option
• D. Yes, with approval from the Chief auditor

Answer: B

NEW QUESTION # 54
......

Pass Swift CSP-Assessor Premium Files Test Engine pdf - Free Dumps Collection: https://testinsides.vcedumps.com/CSP-Assessor-examcollection.html