ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CCAK All Questions

View all questions & answers for the CCAK exam
Go to Exam

Exam CCAK topic 1 question 59 discussion

Actual exam question from Isaca's CCAK
Question #: 59
Topic #: 1
[All CCAK Questions]

Your company is purchasing an application from a vendor. They do not allow you to perform an on-site audit on their information system. However, they say, they will provide the third-party audit attestation on the adequate control design within their environment. Which report is the vendor providing you?

  • A. SOC 3
  • B. SOC 2, TYPE 2
  • C. SOC 1
  • D. SOC 2, TYPE 1
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by bportuguez at Nov. 19, 2022, 4:09 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
bportuguez
Highly Voted 2 years, 3 months ago
Selected Answer: D
Should be D. The sentence only mention "desing" not mention effectiveness of the controls
upvoted 5 times
...
Auditor2020
Most Recent 3 months, 3 weeks ago
Selected Answer: B
B. SOC 2, TYPE 2 In this scenario, the vendor is likely providing you with a SOC 2, Type 2 report. A SOC 2, Type 2 report includes an attestation on the adequacy of the design and operating effectiveness of controls over a period of time. This type of report is specifically focused on the controls relevant to security, availability, processing integrity, confidentiality, and privacy of the system, making it suitable for assessing the control environment of a vendor providing cloud or other IT services.
upvoted 1 times
...
Delta67
1 year, 12 months ago
SOC 2 defines the criteria for managing customer data based on five trust service principles. C,I,A, Service Integrity, and Security SOC 2 is is an auditing procedure that ensures your Service Providers securely manage your data in the interests of the organization and the privacy of its clients. The answer should be SOC2 Type 1 - Describes the Design effectiveness of the Vendor Systems whether the design meets the organizations trust principles. SOC 2 Type 2 - details the Operational Effectiveness of those systems
upvoted 2 times
...
Ghac101
2 years, 3 months ago
Yes, Type 1 is Design, Type 2 effectiveness over a Periode of time
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago