ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization processes customer financial data in AWS and relies on a third-party SaaS provider from AWS Marketplace that receives daily transaction logs through a cross-account role. Company policy requires an annual supplier risk review to confirm that the provider's security controls were effective throughout the past year. Which single document would give the MOST appropriate assurance?
The provider's marketing brochure highlighting product features and uptime statistics
An internal whitepaper in which the provider describes its secure development lifecycle
A recent SOC 2 Type II audit report that covers the provider's controls for the last 12 months
An ISO/IEC 27001 certificate issued to the provider three years ago
A SOC 2 Type II report is produced by an independent auditor and covers both the design and operating effectiveness of a service provider's controls over a defined period (typically 6-12 months). Because it evaluates whether the controls functioned as intended during that period, it offers strong, time-bound assurance that satisfies an annual supplier risk review.
An ISO/IEC 27001 certificate demonstrates that an organization's information security management system met the standard at the time of certification. Because the certificate is valid for up to three years, it does not provide the same depth of evidence about how controls operated over the past year. An internal whitepaper and a marketing brochure are self-generated materials; they are neither independent nor comprehensive assessments of control effectiveness, so they offer limited assurance for risk review purposes.
Risk Identification, Monitoring and Analysis