ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your organization is migrating a regulated workload from its own data center, where auditors regularly log on to servers and perform physical inspections, to a multitenant public IaaS platform. While preparing the first cloud-based internal audit plan, which additional action is most critical to ensure you can still gather adequate evidence of the provider's operating security controls without violating common cloud-provider restrictions on direct testing and physical access?
Schedule authenticated vulnerability and penetration tests against the provider's management plane without prior notification to validate its security posture.
Request the provider's most recent SOC 2 Type II report and map its control statements to your audit objectives.
Negotiate temporary root access to the underlying physical hosts during the audit window to confirm baseline configurations.
Arrange a site visit to the provider's data center so auditors can visually inspect the hypervisor hardware hosting your virtual machines.
Public cloud providers normally prohibit customers from directly accessing hypervisors, running intrusive scans, or visiting data-center floors. Instead, they commission independent assessors to produce attestation reports-most commonly a SOC 2 Type II under SSAE 18 or ISAE 3000-that detail the design and operating effectiveness of security, availability, processing integrity, confidentiality, and privacy controls over a defined period. Reviewing and mapping that report to internal audit objectives supplies defensible evidence while respecting the provider's policies.
A SOC 2 Type II report offers the required assurance, so the corresponding choice is correct.
On-site hardware inspections are almost always disallowed in public cloud and would yield little value because the hardware is shared.
Uncoordinated vulnerability or penetration testing against the provider's management plane breaches most cloud acceptable-use policies.
Root access to physical hosts is never granted to customers in multitenant environments.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a SOC 2 Type II report?
Open an interactive chat with Bash
Why are physical inspections and direct testing not permitted in public cloud environments?
Open an interactive chat with Bash
What does it mean to map SOC controls to audit objectives?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Legal, Risk and Compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .