Swift Customer Security Programme Assessor Certification (CSP-Assessor) Free Practice Test

Question 1

What are the conditions required to permit reliance on the compliance conclusion of a control assessed in the previous year? (Choose all that apply.)

A. The previous assessment was performed on the (correct) CSCF version of the previous year

B. The control-design and implementation are the same

C. The control compliance conclusion must have already been relied on the past two years

D. The control definition has not changed

Correct Answer: A,B,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

As a Swift CSP Certified Assessor. Swift contacted me to provide evidence on an assessment I have performed. This is required to support their quality assurance validation process. Is it allowed?

A. No, it's confidential

B. Yes, one of the obligations of the certification programme is that quality assessment can be performed by Swift

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

Is the restriction of Internet access only relevant when having SWIFT-related components in a secure zone?
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls

A. Yes, because if there is no secure zone, then the internet connectivity does not need to be restricted

B. No, because there can be in-scope general operator PCs used to access a SWIFT-related application hosted at a service provider

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

May an assessor approve a SWIFT User's KYC-SA attestation? (Select the correct answer)
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls
*CSCF Assessment Completion Letter
*Swift_CSP_Assessment_Report_Template

A. No, it is the responsibility of the SWIFT user's internal audit to submit a CSP attestation

B. Yes, with agreement from the CISO of the SWIFT User

C. Yes, if the KYC-SA application is set up in 2-eyes mode, it is possible for the assessor to submit and approve an attestation on behalf of the SWIFT user's

D. No, the approval always remains the responsibility of the CISO of the SWIFT User (or similar level of responsibility)

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

Can a Swift user choose to implement the security controls (example: logging and monitoring) in systems which are not directly in scope of the CSCE?

A. No

B. Yes

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

There are open exceptions leading to multiple CSP controls being non-compliant. How should the SWIFT user proceed? (Select the correct answer)
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls
*CSCF Assessment Completion Letter
*Swift_CSP_Assessment_Report_Template

A. The user must remediate all the exceptions within 3 months before submitting the CSP attestation in KYC-SA

B. The SWIFT user may remediate the exceptions and re-submit an updated attestation reflecting the new compliance status but only after compliance validation by an independent assessor

C. The SWIFT user may remediate the exceptions and then re-submit an attestation reflecting the new compliance status, but only after compliance validation by the same independent assessor

D. The attestation cannot be submitted before all exceptions are resolved

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

The Swift user has an sFTP server to push files to an outsourcing agent hosting the Swift users own Communication interface. What is their architecture type?

A. A1

B. B

C. A4

D. A3

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

In the case that nothing has changed in the SWIFT user's infrastructure, is it possible to rely on a previous Independent assessment report without performing another independent assessment? (Select the correct answer)
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls
*CSCF Assessment Completion Letter
*Swift_CSP_Assessment_Report_Template

A. Yes, full reliance can be provided if the CISO of the SWIFT user signs a letter which confirms that nothing has changed

B. Yes, full reliance can be provided without the need of an independent assessment if nothing has changed

C. No, even if nothing has changed, an independent assessor needs to perform a full assessment including full testing every year

D. No, even if nothing has changed, an independent assessor needs to assess the conditions before being able to rely on the previous year's assessment

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

The SWIFT HSM Box must be hardened at the system level by the SWIFT user owning the equipment.
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls
*CSCF Assessment Completion Letter
*Swift_CSP_Assessment_Report_Template

A. FALSE

B. TRUE

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

Must Swift users submit a copy of their final assessment report to Swift?

A. Yes, in cases where a customer performs an Independent assessment rather than an audit then a copy of the assessment report must be provided. However, it is not required for the Swift user to provide any forms when an Internal/External Audit is performed

B. No, it is not required to provide Swift with any documents by default. However, Swift can request a copy of the Assessment completion letter

C. Yes, all documents produced from the assessment must be provided proactively to Swift

D. Yes, a copy of (only) the assessment report must be provided to Swift, no other documents

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

Swift Customer Security Programme Assessor Certification (CSP-Assessor) Free Practice Test