A detailed CSP assessment report has been provided to the Swift user following the assessment. Is a completion letter also mandated to be supplied?

A. No
B. Yes
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
Is it mandated to perform security awareness and other specific trainings every year for individuals with SWIFT-critical roles? (Select the correct answer)
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls
A. No, a track record must show that both awareness and specific training are performed at least bi-yearly (every 2 years)
B. No, both awareness and specific trainings are planned when deemed required
C. Yes, and a track record must show that both awareness and specific training are performed annually
D. No, awareness training expected to be performed yearly; specific training to maintain the required knowledge only when needed
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
An application only uses (i) the SWIFT API for reporting and gpi basic tracker calls through (ii) a tailored account not allowing business transactions management. Is this application in scope of the CSCF? (Select the correct answer)
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls
*CSCF Assessment Completion Letter
*Swift_CSP_Assessment_Report_Template
A. Yes, it is in scope because the API connection method is less secure than SWIFT interfaces
B. Yes, it is in scope and considered a customer connector because it reads business transaction data
C. No, it is not in scope because the API connection method is not in scope of the CSP
D. No, it can be descoped because there is no business transaction management being performed
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Select the environment that is not in scope in a SWIFT user CSP assessment (assuming the environments are separated).
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls
*CSCF Assessment Completion Letter
*Swift_CSP_Assessment_Report_Template
A. Development
B. Cold backup systems
C. Disaster Recovery
D. SWIFT infrastructure (sometimes known as Live)
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Using the outsourcing agent diagram. Which components must be placed in a secure zone? (Choose all that apply.)


A. Component D
B. Component B
C. Component C
D. Component A
正解:A,C,D
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
On which one of the following components must a Password/PIN Policy not be defined and implemented as per the CSCF? (Select the correct answer)
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls
A. Jump server(s), SWIFT-related components at application level
B. Personal tokens or mobile devices used as a possession factor
C. Operator PCs, (physical or virtual) systems running SWIFT-related components, network devices protecting the secure zone(s), bridging servers
D. All equipment within the user environment
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 7:
The Internal Audit and an external assessment company are both involved in a SWIFT user's assessment.
Both have shared control assessments to cover the full scope (meaning two separate assessment teams). Who needs to provide a completion letter? (Select the correct answer)
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls
*CSCF Assessment Completion Letter
*Swift_CSP_Assessment_Report_Template
A. The Internal audit lead assessor only
B. The Internal audit lead assessor and the external company lead assessor
C. The External company lead assessor only
D. None of them, it is not required when an internal department was involved in the assessment
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
1354 お客様のコメント





小松** -
試験終わりました。合格だ。このPass4Testが出る試験対策本はCSP-Assessorの出題範囲をカバーした参考書だな