Shared Infrastructure Programme

The Shared Infrastructure Programme defines operational standards for third-party service bureaux offering SWIFT connectivity - ensuring quality, security and reliability.

Skills certification for SWIFT service bureaux

Here you’ll find sample exam questions for our Service Bureau Skills Certification process.

Alliance Gateway

Question 1

Your back office application is configured to communicate with Alliance Gateway using data encryption. This morning you see in the Alliance Gateway Event Log that SSL certificate has expired. You now need to renew it before your back office application can send/receive messages via Alliance Gateway again.

  • True
  • False

Question 2

In order to modify the SSL settings of SAG, you need to:

  • Run the sag_configraconnection command on the SAG system and restart the SAG bootstrap
  • Be logged on the SAG system itself or on a system that connects to the SAG over Remote API
  • Run the sag_configconnection command and perform the desired changes without restarting the SAG bootstrap

Question 3

Is %99 a string which can be contained in a DN ?

  • True
  • False

SWIFTNet Link

Question 1

Select the correct statement regarding zone-forwarding DNS Server on the customer host:

  • It is used to prevent SWIFTNet-related DNS queries from being sent to SWIFTNet DNS
  • A zone-forwarding DNS server must be configured to have no local data, to contact SWIFTNet DNS for names in the domain swiftnet.sipn.swift.com and to contact a corporate/local DNS server for any other names.
  • A zone-forwarding DNS server can be installed on any machine that is not known to SWIFT as a SWIFTNet Link host.
  • One shared zone-forwarding DNS server provides a resilient solution for SWIFTNet-related DNS queries.

Question 2

Select the correct statement regarding the renewal of certificates:

  • There is no automatic renewal process for the SWIFTNet Link instance certificates and keys. Manual recovery must occur at least once every 18 months.
  • Automatic renewal of an entity's certificate is possible only within a window of 120 days of the corresponding private key or public key expiry date (whichever comes earlier).
  • There is no automatic renewal process for web certificates and keys. You must always manually recover the certificates.
  • One way of manually renewing a certificate is to run the certlist command during the renewal period of the certificate

Hardware Security Module (HSM)

Question 1

Select the correct statement(s) about the certificate lock-out policy on the HSM box:

  • You can use the SwHSMEnforceNoLockout command to enable or disable the "NoLockout" feature on an HSM box  
  • When you enable the "NoLockout" feature on an HSM box, all profiles will not get locked out, even in case of multiple invalid login attempts
  • The "Enforce Lockout Policy" option of the SwHSMManagePartitions command enhances the lockout policy of an individual partition of HSM box to lock the partition, even though the "NoLockout" policy at the HSM box level is not enabled
  • You can only enable or disable the "NoLockout" feature on a HSM box using a SWIFTNet Link that is not registered to the HSM box

Question 2

Which of the following statements is correct when the Remote PED key PIN is lost?

  • The HSM box needs to be zeroised to recreate the Remote PED key.
  • The Remote PED cannot be used anymore.
  • A new Remote PED key can only be created if the HSM box is not in a cluster.
  • You can run the SwHSMManageUsers script to change the PIN for the Remote PED key.

Web platform

Question 1

An Alliance Web Platform needs to be configured to perform the following: Alliance Access configuration and monitoring, Alliance Gateway configuration. Excluding the Alliance Web Platform Administration, how many GUI packages need to be installed?

  • 2
  • 3
  • Not possible
  • None of the above

Question 2

It is possible to reconfigure Alliance Web Platform to use a hosted Oracle database instead of the embedded database using the tool "swp_config -embedded db".

  • True
  • False

Question 3

On Windows, Is the following instance and user configuration valid? Alliance Web Platform instance name: SWP99; Windows "Administrator" password: Ini_05=SWP/; Alliance Web Platform windows user: Owner-01

  • No,  the Alliance Web Platform owner account name contains invalid characters
  • Yes
  • No,  the Alliance Web Platform owner account name contains invalid characters
  • No, the Administrator password and the Alliance Web Platform owner account contain invalid characters

Alliance Access

Question 1

During cold start, you may not want to send the ACK of the re-sent messages to your back office (which might encounter problems receiving two ACKs for the same message). How can you prevent these messages from being sent to the back-office?

  • You can route the instances differently based on the routing keyword 'Is_ColdStartReactivated'.
  • You can use the configuration parameter 'Send notif Cold Start' to enable/disable notifications for cold start messages.
  • On each emission profile, you can indicate whether you want to receive notifications for messages sent during cold start.

Question 2

You have a firewall between Alliance Access and Alliance Workstation. Which ports do you need to open on this firewall?

  • You need to open ports for communication from the Workstation to the Alliance Access server
  • You need to open ports for communication from the Alliance Access server to the Workstation
  • You need to open ports for communication from the Alliance Access server to the Alliance Workstation and from Alliance Workstation to the Alliance Access server
  • You do not need to open any ports

Question 3

The import of Send or Get File templates can be done with the saa_import

  • True
  • False