CSP-Assessor試験無料問題集（118題）「Swift Customer Security Programme Assessor Certification 認定」

出題：1

Is the control 2. 11 "RMA Business Controls" only about the process of validating the defined counterparty relationships?

A. No

B. Yes

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Is the restriction of Internet access only relevant when having SWIFT-related components in a secure zone?
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls

A. Yes, because if there is no secure zone, then the internet connectivity does not need to be restricted

B. No, because there can be in-scope general operator PCs used to access a SWIFT-related application hosted at a service provider

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

The Swift secure zone is composed of a Swift connector, a middleware server and a back office system Is the selection of only one of the above components a representative sample based on the High-Level Test Plan (HLTP) guidelines?

A. No

B. Yes

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

An application only uses (i) the SWIFT API for reporting and gpi basic tracker calls through (ii) a tailored account not allowing business transactions management. Is this application in scope of the CSCF? (Select the correct answer)
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls
*CSCF Assessment Completion Letter
*Swift_CSP_Assessment_Report_Template

A. No, it can be descoped because there is no business transaction management being performed

B. No, it is not in scope because the API connection method is not in scope of the CSP

C. Yes, it is in scope and considered a customer connector because it reads business transaction data

D. Yes, it is in scope because the API connection method is less secure than SWIFT interfaces

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Select the supporting documents to conduct a CSP assessment. (Choose all that apply.)

A. The mapping to industry standards article

B. The Controls Matrix and High Level Test P an

C. The Customer Security Controls Framework

D. The CSP User Handbook

正解：B,C,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

May an assessor rely on an ISAE 3000 report dating back 2 years to support a CSP independent assessment?
(Select the correct answer)
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls
*CSCF Assessment Completion Letter
*Swift_CSP_Assessment_Report_Template

A. No, an ISAE 3000 report is no valid substitute as a rule

B. Yes, provided there is no change to the SWIFT user's infrastructure

C. Yes, there is no time limit for an ISAE 3000 report

D. No, that is too old, the maximum is 18 months

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Select the environment that is not in scope in a SWIFT user CSP assessment (assuming the environments are separated).
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls
*CSCF Assessment Completion Letter
*Swift_CSP_Assessment_Report_Template

A. SWIFT infrastructure (sometimes known as Live)

B. Cold backup systems

C. Disaster Recovery

D. Development

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

The Alliance Access OS administrator can create and send financial messages.
*Connectivity
*Generic
*Products Cloud
*Products OnPrem
*Security

A. FALSE

B. TRUE

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Select the correct statement(s).

A. To verify the signature the SwiftNetLink uses the signing private key of the receiver

B. The public and private keys of a Swift certificate are stored on the Hardware Security Module

C. The decryption operation uses the encryption private key of the receiver

D. The certificate stored on the Swift Hardware Security Module is used during the decryption operation of a message

正解：B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Which operator session flows are expected to be protected in terms of confidentiality and integrity? (Choose all that apply.)

A. All sessions to and from a jump server used to access a component in a secure zone

B. All sessions towards a Swift related application run by an Outsourcing Agent, a Service Bureau or an L2BA Provider

C. All sessions towards a secure zone (on-premises or hosted by a third-party or a Cloud Provider)

D. System administrator sessions towards a host running a Swift related component

正解：A,B,C,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

CSP-Assessor試験無料問題集「Swift Customer Security Programme Assessor Certification 認定」