A Swift user relies on an SFTP server to connect through an externally exposed connection with a service provider or a group hub.
What architecture type is the Swift user? (Choose all that apply.)
- A . A1
- B . A2
- C . A3
- D . A4
Application Hardening basically applies the following principles. (Choose all that apply.)
- A . Least Privileges
- B . Access on a need to have
- C . Reduced footprint for less potential vulnerabilities
- D . Enhanced Straight Through Processing
Using the outsourcing agent diagram, which components must be placed in a secure zone? (Choose all that apply.)
- A . Component A
- B . Component B
- C . Component C
- D . Component D
In the illustration, identify which components are in scope of the CSCF? (Choose all that apply.)
- A . Components A, B, K
- B . Components J, K, I
- C . Components F, G, H
- D . Components C, E, M
Can a Swift user choose to implement the security controls (for example, logging and monitoring) in systems which are not directly in scope of the CSCF?
- A . Yes
- B . No
Select the correct statement(s) about the Swift Alliance Gateway. (Choose all that apply.)
- A . It acts as the single window to SwiftNet messaging services by concentrating your traffic flows
- B . It allows sharing of PKI profiles between application or individuals, through the use of virtual profiles
- C . It allows the creation and/or modification of some Swift messages (depending on the types and/or formats)
- D . The Alliance Gateway can only be accessed by a SwiftNet user
The internet connectivity restriction control prevents having internet access on any CSCF in-scope components.
- A . TRUE
- B . FALSE
Select the correct statement(s).
- A . The public and private keys of a Swift certificate are stored on the Hardware Security Module
- B . The certificate stored on the Swift Hardware Security Module is used during the decryption operation of a message
- C . The decryption operation uses the encryption private key of the receiver
- D . To verify the signature the SwiftNet Link uses the signing private key of the receiver
The Swift HSM boxes:
- A . Are located at the network partner premises and managed by Swift
- B . Are located at the Swift user premises and managed by Swift
- C . Are located at the Swift user premises and managed by the Swift user
- D . Are located at the network partner premises and managed by the network partner
What type of control effectiveness needs to be validated for an independent assessment?
- A . Effectiveness is never validated, only the control design
- B . An independent assessment is a point in time review with possible reviews of older evidence as appropriate
- C . Operational effectiveness needs to be validated
- D . None of the above
How are online SwiftNet Security Officers authenticated?
- A . Via their PKI certificate
- B . Via their swift.com account and secure code card
- C . Via their swift.com account
Select the correct statement about Alliance Gateway.
- A . It is used to exchange messages over the Swift network
- B . It is used to create messages to send over the Swift network
When hesitant about the applicability of a CSCF control to a particular component, what steps should you take? (Choose all that apply.)
- A . Call your Swift contact
- B . Check appendix F of the CSCF
- C . Check carefully the Introduction section of the CSCF
- D . Open a case with Swift support via the case manager on swift.com if further information or solution cannot be found in the documentation
The cluster of VPN boxes is also called managed-customer premises equipment (M-CPE).
- A . TRUE
- B . FALSE
The Swift user would like to perform their CSP assessment in May for the CSCF version that will only be active as from July the same year. Is it allowed?
- A . No, an assessment can only be done on the active version of the CSCF
- B . Yes, the assessment on a particular version can start before the actual activation date
Which encryption methods are used to secure the communications between the SNL host and HSM boxes?
- A . NTLS and SSH
- B . Telnet and SSL
- C . NTLS and Telnet
- D . MPLS and SSL
Which of the following statements best describe valid implementations when implementing control 2.9 Transaction Business Controls? (Choose all that apply.)
- A . Multiple measures must be implemented by the Swift user to validate the flows of transactions are in the bounds of the normal expected business
- B . A customer-designed implementation or a combination of different measures is deemed valid if it sufficiently mitigates the control risks
- C . Reliance on a recent business assessment or regulator response confirming the effectiveness of the control (as an example CPMI's requirement) is especially poignant to this control
- D . Any solution is acceptable so long as the CISO approves the implementation
A detailed CSP assessment report has been provided to the Swift user following the assessment. Is a completion letter also mandated to be supplied?
- A . Yes
- B . No
Is the control 2.11 "RMA Business Controls" only about the process of validating the defined counterparty relationships?
- A . Yes
- B . No
As a Swift CSP Certified Assessor, Swift contacted me to provide evidence on an assessment I have performed. This is required to support their quality assurance validation process. Is it allowed?
- A . Yes, one of the obligations of the certification programme is that quality assessment can be performed by Swift
- B . No, it's confidential