ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your company has outsourced its ERP system to a multi-tenant SaaS provider. The provider mails you a current SOC 1 Type II report that details controls over its datacenter physical security, hypervisor management, and perimeter firewalls. The internal audit team must still gather evidence for the upcoming SOX assessment. Which control should the internal auditors plan to test themselves because it remains the customer's responsibility despite the external audit coverage?
- Badge-controlled access to the provider's colocation facility
- Configuration of border firewalls protecting the SaaS platform
- Timely installation of operating-system patches on the CSP's virtualization hosts
- Creation and de-provisioning of user accounts within the SaaS ERP modules
A SOC 1 Type II report describes the controls operated and tested at the service-provider level. Physical security of the datacenter, patch management of the virtualization hosts, and configuration of the perimeter firewalls are all provider-managed controls that have already been independently assessed in the CSP's report. Provisioning and de-provisioning user accounts inside the ERP application, however, is a logical access control exercised by the customer's own administrators. Because that activity directly affects the integrity of the customer's financial records and is not performed by the provider, it must be tested by the customer's internal auditors to satisfy SOX requirements. The other options are provider-side controls that can be relied upon through the external SOC report and therefore do not normally require additional internal testing.