ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your company, a publicly traded U.S. retailer, intends to move its general-ledger application to an overseas IaaS provider. To satisfy Sarbanes-Oxley obligations, the risk team needs independent assurance that the provider's controls relevant to financial reporting were not only suitably designed but also operated effectively throughout the last fiscal year. Which single auditor's report should the team request from the provider?
An ISO/IEC 27001 certificate from an accredited registrar
A SOC 1 Type II report issued under SSAE 18
A SOC 3 report attesting to compliance with the trust services principles
A SOC 2 Type I report covering the security trust service criteria
A SOC 1 Type II report (issued under SSAE 18) is designed to cover controls at a service organization that are relevant to user entities' internal control over financial reporting. A Type II opinion addresses both the suitability of design and the operating effectiveness of those controls over a defined review period (typically 6-12 months), making it appropriate for Sarbanes-Oxley compliance.
A SOC 2 Type I report assesses only the design of controls at a single point in time and focuses on the Trust Services Criteria, not financial reporting.
A SOC 3 report is a general-use summary of a SOC 2 and likewise does not address internal control over financial reporting (ICFR) in detail.
An ISO/IEC 27001 certificate shows the presence of an ISMS but gives no attestation regarding financial-reporting controls or their effectiveness over time.
ISC2 Certified Cloud Security Professional (CCSP)
Legal, Risk and Compliance