Which kind of SSAE audit reviews controls dealing with the organization's controls for assuring the confidentiality, integrity, and availability of data?
A SOC 2 (System and Organization Controls 2) audit reviews an organization’s controls for assuring the confidentiality, integrity, and availability of data. It is based on the AICPA's Trust Services Criteria (TSC), which include:
Security
Availability
Processing Integrity
Confidentiality
Privacy
SOC 2 reports are typically used by cloud service providers (CSPs), SaaS companies, and data processors to demonstrate compliance with security and data protection requirements.
Why Not the Others?
A. SOC 1 → Focuses on financial reporting controls, not IT security or data protection.
C. SOC 3 → A publicly available summary of a SOC 2 report but without detailed security controls.
D. SOC 4 → Does not exist in the SSAE auditing framework.
This section is not available anymore. Please use the main Exam Page.CCSP Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
MaciekMT
1 month, 3 weeks agoakg001
4 months, 4 weeks ago