ISC2 Certified Cloud Security Professional (CCSP) Practice Question

Your organization is preparing the annual SOC 2 audit for a critical workload that was recently moved from an on-premises data center to a public IaaS provider. During audit planning you must decide how the auditors will obtain evidence for controls that are now implemented and operated by the cloud service provider (CSP), such as physical security and hypervisor hardening, and that your organization can neither inspect nor test directly. Which action should receive the highest priority in the audit plan to ensure these CSP-operated controls are adequately covered?

  • Request the CSP's latest independent attestation (such as a SOC 2 Type II report) and map its control coverage to the audit objectives.

  • Require each tenant in the CSP's environment to perform full backup-and-restore tests during the on-site audit window.

  • Schedule credentialed vulnerability scans of the CSP's hypervisors to verify patch currency and configuration baselines.

  • Plan to extract random samples of the organization's production data from the cloud environment to test encryption at rest.

ISC2 Certified Cloud Security Professional (CCSP)
Legal, Risk and Compliance