Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam CCSP All Questions

View all questions & answers for the CCSP exam
Go to Exam

Exam CCSP topic 1 question 65 discussion

Actual exam question from ISC's CCSP
Question #: 65
Topic #: 1
[All CCSP Questions]

Which type of audit report does many cloud providers use to instill confidence in their policies, practices, and procedures to current and potential customers?

  • A. SAS-70
  • B. SOC 2
  • C. SOC 1
  • D. SOX
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by CISSP_Wannabe at March 12, 2021, 9:49 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Kneebee
8 months, 3 weeks ago
B correct - SAS70 was superseded by the SSAE 16 auditing standard in 2011
upvoted 1 times
...
hanyahmed
1 year, 11 months ago
Selected Answer: B
SOC2 is the right answer
upvoted 3 times
...
certifiedgeek
2 years, 6 months ago
SAS70 is already defunct and SOX is not applicable for cloud providers. The question has "instill confidence" doesn't mean the report will shared. SOC1 and SOC2 reports both provide this confidence. SOC2 is the better choice among the two. Not among the choices, I would prefer SOC3 report as "potential" costumers are listed in the question.
upvoted 4 times
...
Voldamort
2 years, 10 months ago
Selected Answer: A
It would have to be SAS-70 (now defunct) SOC 1 is financial, SOC 2 would be good but a cloud provide is not going to give that to you. SOX is there to throw you. SAS-70 Type 1 had an auditors report 'Opinion' and a SOC 2 - Type 1 style report. SOC 3 would be best but is not there.
upvoted 1 times
serget12
2 years, 1 month ago
Don't think it can be SAS-70, This report(SOC 1) is the replacement of the Statement on Auditing Standards No. 70(SAS 70). SAS-70 is deprecated. I agree that SOC 2 is usually considered a restricted report but not sure that is important to answering the question.
upvoted 1 times
...
...
deegadaze1
3 years, 8 months ago
B correct - SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients. For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider.
upvoted 2 times
...
CISSP_Wannabe
3 years, 8 months ago
Is this correct - I would have thought based on this list SOX is the best answer - can’t think why SAS-70 (replaced by SSAE No 16, which is actually, SOC-1, SOC-2, and SOC-3. SOC-1 is financial and SOC-2 is effectiveness of controls and these are not on offer to potential customers. So that leaves SOX as the potential (best) answer?
upvoted 2 times
deegadaze1
3 years, 8 months ago
Sarbanes-Oxley (SOX); is U.S. law meant to protect investors from fraudulent accounting activities by corporations. SOC-2 is the best option...
upvoted 3 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel