The "SWIFT footprint" refers to the extent of SWIFT-related infrastructure (hardware, software, and connectivity components) that a user must manage within their environment. A smaller footprint means less local infrastructure to maintain, typically achieved through cloud-based or managed services. Let’s evaluate each option:

• Option A: Full stack of products up to the Messaging Interface

This refers to an on-premises deployment where the user manages a complete set of SWIFT components, including the messaging interface (e.g., Alliance Access), communication interface (e.g., Alliance Gateway), SwiftNet Link (SNL), HSM, and VPN boxes for connectivity to the SWIFT network. This setup requires significant local infrastructure, including servers, security devices, and network components, resulting in a large SWIFT footprint.

• Option B: Alliance Remote Gateway

Alliance Remote Gateway (ARG) is a service where the Alliance Gateway is hosted remotely by SWIFT or a third party, but the user still maintains a messaging interface (e.g., Alliance Access) locally. While this reduces the footprint slightly by outsourcing the communication interface, the user still manages the messaging interface, HSM, and local connectivity components, resulting in a moderate footprint.

• Option C: Lite 2 or Alliance Cloud

This is the correct answer. Alliance Lite2 and Alliance Cloud are cloud-based solutions designed for smaller institutions or those seeking a minimal local footprint. In Alliance Lite2, the user connects to SWIFT via a lightweight client (Alliance Lite2 AutoClient) or a browser-based interface, with most infrastructure (e.g., messaging interface, communication interface, HSM) hosted by SWIFT in the cloud. Alliance Cloud similarly hosts the full SWIFT stack (including Alliance Access and Alliance Gateway) in a SWIFT-managed cloud environment, requiring only minimal local infrastructure (e.g., a secure connection to the cloud). This results in the smallest SWIFT footprint, as the user manages very little on-premises infrastructure. The CSCF still applies, but many controls are managed by SWIFT (e.g., "1.1 SWIFT Environment Protection").

• Option D: A user with a Messaging Interface behind a Service Bureau

A Service Bureau is a third-party provider that hosts SWIFT infrastructure (e.g., Alliance Gateway, SNL) for multiple users, but the user still maintains a local messaging interface (e.g., Alliance Access) to connect to the Service Bureau. This setup reduces the footprint compared to a full on-premises deployment, as the user does not manage the communication interface or network connectivity components. However, the local messaging interface and associated security components (e.g., HSM) still constitute a larger footprint than a fully cloud-based solution like Alliance Lite2 or Alliance Cloud.

Summary of Correct Answer:

Alliance Lite2 or Alliance Cloud (C) has the smallest SWIFT footprint, as most infrastructure is hosted in the cloud by SWIFT, minimizing the user’s local management responsibilities.

References to SWIFT Customer Security Programme Documents:

• SWIFT Customer Security Controls Framework (CSCF) v2024: Control 1.1 applies to cloud deployments like Alliance Cloud, reducing the user’s local footprint.

• SWIFT Alliance Lite2 Documentation: Describes the minimal infrastructure required for Lite2 users.

• SWIFT Alliance Cloud Documentation: Highlights the fully hosted nature of the solution, minimizing the SWIFT footprint.

========

CSCF Control "4.2 Intrusion Detection" requires SWIFT users to detect unauthorized access or activities within the SWIFT environment. The "Swift Customer Security Controls Framework v2025" allows flexibility in meeting this control using various technologies. Let’s evaluate each option:

• Option A: NIDS (Network Intrusion Detection System)

This is valid. NIDS monitors network traffic to detect intrusions (e.g., on VPN boxes), aligning with Control "4.2" by identifying external threats.

• Option B: HIDS (Host Intrusion Detection System)

This is valid. HIDS monitors individual hosts (e.g., servers running Alliance Access) for suspicious activities, supporting Control "4.2" for internal threat detection.

• Option C: EDR and XDR (Endpoint Detection and Response, Extended Detection and Response)

This is valid. EDR and XDR provide advanced monitoring and response capabilities for endpoints and across environments, meeting Control "4.2" requirements for detecting and responding to intrusions.

• Option D: A combination of all of the above

This is correct. The CSCF encourages a layered security approach, and the "CSP_controls_matrix_and_high_test_plan_2025" and "Assessment template for Mandatory controls" accept a combination of NIDS, HIDS, EDR, and XDR to comprehensively meet Control "4.2," depending on the architecture and risk profile.

Summary of Correct Answer:

Intrusion Detection Control can be met through a combination of NIDS, HIDS, EDR, and XDR (D).

References to SWIFT Customer Security Programme Documents:

• Swift Customer Security Controls Framework v2025: Control 4.2 allows multiple detection technologies.

• CSP_controls_matrix_and_high_test_plan_2025: Supports combined approaches.

• Assessment template for Mandatory controls: Includes various intrusion detection methods.

========

The "Independent Assessment Framework" and "Independent Assessment Process for Assessors Guidelines" mandate that CSP assessments and attestations be conducted by an independent, certified assessor, not the user’s internal audit department. Let’s evaluate each option:

• Option A: Yes, providing this is agreed by the head of IT operations and the CISO

This is incorrect. Internal agreement does not override the CSP’s requirement for independence.

• Option B: No, this is never an option

This is correct. The CSP prohibits internal audit departments from submitting or approving attestations on the KYC-SA portal, as they lack the independence required by the "Independent Assessment Framework." Only an external, certified assessor can perform and approve the assessment, with the CISO or designated user submitting the attestation based on the assessor’s report.

• Option C: Yes, an internal auditor can submit the attestation for approval provided they have the appropriate credentials for swift.com. The CISO remains in charge of the approval of the attestation

This is incorrect. Internal auditors cannot submit or approve attestations, even with credentials, due to the independence requirement.

• Option D: Yes, with approval from the Chief Auditor

This is incorrect. Chief Auditor approval does not satisfy the CSP’s independence mandate.

Summary of Correct Answer:

An internal audit department cannot submit or approve the attestation (B).

References to SWIFT Customer Security Programme Documents:

• Independent Assessment Framework: Requires independent assessors.

• Independent Assessment Process for Assessors Guidelines: Prohibits internal assessments for attestation.

• Swift_CSP_Assessment_Report_Template: Specifies external assessor input.

========

This question determines the scope of the CSCF for a Treasury Management System (TMS) and an MQ server (customer connector) installed on the same machine.

Step 1: Understand CSCF Scope

The CSCF v2024 defines its scope as systems directly involved in Swift messaging, connectivity, or security (e.g., customer connectors, messaging interfaces), as per Control 1.1: Swift Environment Protection . Back-office systems, like TMS, are typically out of scope unless they directly process Swift messages.

Step 2: Analyze the Scenario

TMS Application : A Treasury Management System is a back-office application for financial management, not a Swift messaging component. The CSCF v2024 excludes back-office systems from mandatory scope unless they pose a direct risk to Swift components.

MQ Server (Customer Connector) : This middleware server connects to a Service Bureau, facilitating Swift traffic, making it in scope per Control 1.1 .

Hosting System : The machine hosting both applications is in scope only to the extent it supports the MQ server, not the TMS.

Step 3: Evaluate Each Option

A. The TMS application, the MQ server and hosting system are in the scope of the CSCF and must be placed in a secure zone Incorrect. The TMS is out of scope, and the hosting system’s inclusion depends on the MQ server, not the TMS. Conclusion : Incorrect.

B. The TMS application, the MQ server and hosting system enters the scope of the CSCF advisory and should be placed in a secure zone Incorrect. The CSCF advisory scope applies to best practices, not mandatory controls, and does not mandate a secure zone for out-of-scope TMS. Conclusion : Incorrect.

C. Only the MQ server application is in scope of the CSCF. The TMS application is considered as back-office Correct. The MQ server is a customer connector, in scope per Control 1.1 , while the TMS is a back-office system, excluded from mandatory scope per the CSCF v2024 Introduction. Conclusion : Correct.

D. The TMS application is the highest risk and must be secured appropriately. The MQ server should be secured on a best effort basis Incorrect. The MQ server, as a Swift component, has higher CSCF priority, while TMS risk is managed outside CSCF scope. Conclusion : Incorrect.

Step 4: Conclusion and Verification

The correct answer is C , as only the MQ server is in scope, and the TMS is a back-office system excluded from CSCF requirements.

References

Swift Customer Security Controls Framework (CSCF) v2024 , Control 1.1: Swift Environment Protection, Introduction Section: Scope.

Swift CSP FAQ , Section: Back-Office Systems.

Alliance Messaging Hub (AMH) is a SWIFT product designed as a centralized messaging platform for financial institutions, enabling them to manage multiple messaging flows, including SWIFT and non-SWIFT networks. Let’s evaluate each statement:

• Statement A: AMH is highly resilient, and can consist of multiple instances and sites in parallel

This is true. AMH is designed for high availability and resilience, supporting deployments across multiple instances and sites to ensure continuity of operations. This capability is critical for large financial institutions handling high volumes of transactions. SWIFT documentation highlights AMH’s ability to operate in a distributed architecture, with instances running in parallel across primary and backup sites. This aligns with CSCF Control "1.1 SWIFT Environment Protection," which emphasizes the need for resilient infrastructure to prevent disruptions in the SWIFT environment.

• Statement B: AMH provides advanced integration capabilities

This is true. AMH offers advanced integration features, allowing institutions to connect various back-office systems, payment engines, and other financial applications to a single hub. It supports multiple message standards (e.g., SWIFT MT, ISO 20022) and provides transformation and routing capabilities, making it a versatile integration platform. This is a key selling point of AMH, as noted in SWIFT’s product documentation, enabling seamless interoperability across diverse systems.

• Statement C: AMH is a messaging interface able to connect to other financial networks, not only SWIFT

This is true. AMH is not limited to SWIFT messaging; it can connect to other financial networks, such as domestic payment systems, real-time gross settlement (RTGS) systems, or proprietary networks. AMH acts as a universal messaging hub, supporting multiple protocols and standards beyond SWIFT’s ecosystem (e.g., FIX for securities trading). This capability is well-documented in SWIFT’s AMH product overview, positioning it as a flexible solution for institutions with diverse connectivity needs.

• Statement D: All of the above

Since all three statements (A, B, and C) are true, this option is the correct answer. AMH’s design for resilience, advanced integration, and multi-network connectivity makes it a comprehensive messaging solution.

Summary of Correct Answer:

All statements about AMH are true, making "All of the above" (D) the correct choice.

References to SWIFT Customer Security Programme Documents:

• SWIFT Customer Security Controls Framework (CSCF) v2024: Control 1.1 emphasizes resilience, which AMH supports through its architecture.

• SWIFT Alliance Messaging Hub Documentation: Highlights AMH’s multi-site resilience, integration capabilities, and support for non-SWIFT networks.

• SWIFT Product Overview: Describes AMH as a universal messaging hub for SWIFT and other financial networks.

========

This question requires identifying the component types of the numbered components (1, 2, 3, and 4) in the provided diagram, which illustrates a Swift infrastructure with Architecture Type A4 (user environment) and Architecture Type A1 (group hub). The classification is based on the Swift Customer Security Controls Framework (CSCF) v2024 and related architecture definitions.

Step 1: Understand the Diagram and Component Types

The diagram shows two environments:

Architecture Type A4 : The user’s local environment with back-office systems using middleware clients and servers.

Architecture Type A1 : A group hub hosting Swift components like Alliance Access, Alliance Gateway, and HSM/PKI, connecting to the Swift network.

Component Types :

Customer Connector : A system or server that facilitates connectivity between the user’s environment and the Swift infrastructure (e.g., middleware servers interfacing with the group hub).

Bridging Server (Middleware Server) : A server that bridges data flows between back-office systems and the Swift messaging environment, often handling message queuing or transformation.

Step 2: Analyze Each Numbered Component

Component 1 (Middleware Server connected to Back Office 1) : This server is part of the A4 architecture, interfacing the back-office middleware client with the group hub (A1). It acts as a connector, facilitating data exchange to the MQHA (Message Queue High Availability) server in the group hub. Per the CSCF v2024 and Swift Architecture Types Explained , this is a Customer Connector .

Component 2 (MQHA Middleware Server in the Group Hub) : This server is within the A1 group hub, bridging the user’s data (via the customer connector) to the Alliance Access and Gateway. It handles message queuing and acts as a Bridging Server (Middleware Server) , as defined in the Swift Alliance Gateway Technical Documentation .

Component 3 (Middleware Server connected to Back Office 2) : Similar to Component 1, this server connects the second back-office middleware client to the MQHA server in the group hub, functioning as a Customer Connector .

Component 4 (MQ Middleware Server connected to MQHA) : This server within the A1 group hub supports the MQHA, bridging data flows to the Swift messaging components (Alliance Access/Gateway). It is a Bridging Server (Middleware Server) , consistent with the CSCF v2024 definitions.

Step 3: Match with Options

A. 1. Customer Connector, 2. Bridging Server (Middleware Server), 3. Customer Connector, 4. Bridging Server (Middleware Server) : Matches the analysis above.

B. 1. Customer Connector, 2. Bridging Server (Middleware Server), 3. Customer Connector, 4. Customer Connector : Incorrect, as Component 4 is a bridging server, not a customer connector.

C. 1. Bridging Server (Middleware Server), 2. Bridging Server (Middleware Server), 3. Bridging Server (Middleware Server), 4. Bridging Server (Middleware Server) : Incorrect, as Components 1 and 3 are customer connectors, not bridging servers.

D. 1. Customer Connector, 2. Customer Connector, 3. Customer Connector, 4. Customer Connector : Incorrect, as Components 2 and 4 are bridging servers.

Step 4: Conclusion and Verification

The correct answer is A , as it accurately identifies the component types based on their roles in the A4 and A1 architectures, consistent with CSCF v2024 and Swift Architecture Types Explained .

References

Swift Customer Security Controls Framework (CSCF) v2024 , Control 1.1: Swift Environment Protection.

Swift Architecture Types Explained , Section: Component Roles.

Swift Alliance Gateway Technical Documentation , Section: Middleware and Connectors.

The CSCF and "Outsourcing Agents - Security Requirements Baseline v2025" define responsibilities for securing virtualization or cloud platforms hosting SWIFT-related components. Let’s evaluate each combination:

• Option A: For on-premises virtualization platform: by the platform provider

This is not correct. An on-premises virtualization platform (e.g., VMware or Hyper-V hosting Alliance Gateway) is managed by the SWIFT user, not the platform provider (e.g., VMware). The "platform provider" supplies the software, but the user is responsible for securing the on-premises environment, including hardening, patching, and compliance with CSCF Control "2.3 System Hardening."

• Option B: For virtualization platform deployed at a third party on which user’s SWIFT-related components are virtually hosted: by the third party

This is correct. If the virtualization platform is hosted by a third party (e.g., a service provider hosting SWIFT components), the third party is responsible for securing the platform, as per the "Outsourcing Agents - Security Requirements Baseline v2025" and CSCF Control "1.1."

• Option C: For on-premises container platform: by the SWIFT user

This is correct. An on-premises container platform (e.g., Docker or Kubernetes hosting SWIFT applications) is the user’s responsibility to secure, aligning with CSCF Control "1.1" and the user’s ownership of on-premises infrastructure.

• Option D: For Cloud Provider: the cloud provider

This is correct. In a cloud model (e.g., IaaS like Alliance Cloud on AWS), the cloud provider (e.g., AWS) is responsible for securing the underlying platform, as outlined in the "Outsourcing Agents - Security Requirements Baseline v2025."

Summary of Correct Answer:

The combination that is not correct is A, as the SWIFT user, not the platform provider, is responsible for securing an on-premises virtualization platform.

References to SWIFT Customer Security Programme Documents:

• Swift Customer Security Controls Framework v2025: Control 1.1 defines responsibilities for on-premises platforms.

• Outsourcing Agents - Security Requirements Baseline v2025: Specifies third-party and cloud provider responsibilities.

• Independent Assessment Framework: Confirms user responsibility for on-premises setups.

This question compares the SWIFT footprint (components within the CSP scope) across different infrastructures:

Step 1: Define SWIFT Footprint

The SWIFT footprint includes all systems and components handling SWIFT messaging or connectivity, as defined in CSCF Control 1.1 – SWIFT Environment Protection.

This question focuses on the encryption methods securing communications between the SwiftNet Link (SNL) host and Hardware Security Module (HSM) boxes in the Swift environment.

Step 1: Understand SNL and HSM Communication

The SwiftNet Link (SNL) facilitates secure connectivity to the Swift network, while the HSM manages cryptographic keys. Secure communication between the SNL host and HSM is critical, as outlined in Control 2.5B: Cryptographic Key Management of the CSCF v2024 . These communications must use strong encryption protocols.

Step 2: Evaluate Each Option

A. NTLS and SSH

NTLS (Network Transport Layer Security) : This is Swift’s proprietary protocol for securing communications over the SwiftNet network, including between SNL and HSM. It provides end-to-end encryption and is widely used in Swift infrastructure, as confirmed in the Swift Alliance Gateway Technical Documentation .

SSH (Secure Shell) : SSH is used for secure management and administration of HSMs and SNL hosts, enabling encrypted remote access and configuration, as noted in Swift Security Best Practices . This combination aligns with Swift’s security requirements for protecting HSM communications. Conclusion : This is correct.

B. Telnet and SSL

Telnet : An unencrypted protocol, unsuitable for secure communications, and not used in Swift’s security framework per Control 2.6: Internet Accessibility Restriction .

SSL (Secure Sockets Layer) : An older encryption protocol, largely replaced by TLS in modern systems. Swift does not specify SSL for SNL-HSM communications, favoring NTLS. Conclusion : This is incorrect.

C. NTLS and Telnet

NTLS : As above, this is valid for SwiftNet communications.

Telnet : As an unencrypted protocol, it is not acceptable for securing HSM communications, per Control 2.5B . Conclusion : This is incorrect.

D. MPLS and SSL

MPLS (Multiprotocol Label Switching) : A networking technology for routing, not an encryption method, and not relevant to SNL-HSM security.

SSL : As above, not used in this context by Swift. Conclusion : This is incorrect.

Step 3: Conclusion and Verification

The correct answer is A , as NTLS secures the data communication and SSH provides secure management access between the SNL host and HSM, consistent with CSCF v2024 and Swift technical documentation.

References

Swift Customer Security Controls Framework (CSCF) v2024 , Control 2.5B: Cryptographic Key Management, Control 2.6: Internet Accessibility Restriction.

Swift Alliance Gateway Technical Documentation , Section: Network Security Protocols.

Swift Security Best Practices , Section: HSM and SNL Configuration.

A Hardware Security Module (HSM) box in the SWIFT context is a secure device used to manage cryptographic keys and perform security operations, such as signing and encryption for SWIFT transactions. Let’s evaluate each option:

• Option A: Private keys

This is correct. The primary function of an HSM box in the SWIFT environment is to securely store and manage private keys, which are part of the Public Key Infrastructure (PKI) used for asymmetric cryptography. Private keys are used for signing messages to ensure authenticity and integrity, and for decryption to maintain confidentiality. The HSM protects these private keys from unauthorized access, aligning with CSCF Control "1.3 Cryptographic Failover," which mandates the use of HSMs to safeguard cryptographic materials. SWIFT documentation specifies that private keys are stored within the HSM, while public keys are distributed separately (e.g., via certificates).

• Option B: Public keys

This is incorrect. Public keys are not stored in the HSM box. Instead, they are embedded in PKI certificates and distributed to other parties (e.g., SWIFT or counterparties) for verification and encryption purposes. The HSM’s role is to protect the sensitive private keys, not to store public keys, which are openly shared as part of the PKI ecosystem.

• Option C: Both private and public keys

This is incorrect. While the HSM may temporarily handle public keys during cryptographic operations (e.g., for certificate validation), its primary and secure storage function is limited to private keys. Storing both types of keys is not a standard practice in SWIFT’s HSM usage, as public keys are managed outside the HSM in certificate repositories or directories.

Summary of Correct Answer:

The HSM box stores private keys (A), ensuring the security of cryptographic operations in the SWIFT environment.

References to SWIFT Customer Security Programme Documents:

• SWIFT Customer Security Controls Framework (CSCF) v2024: Control 1.3 mandates HSMs for storing private keys securely.

• SWIFT Security Guidelines: Details the HSM’s role in managing private keys for PKI operations.

• SWIFT HSM Documentation: Confirms that private keys are stored in the HSM, with public keys managed externally.

========