Exam CISSP topic 1 question 210 discussion

Answer is D - A SOC 3 report is basically a redacted SOC2 report. It’s intended for a public audience, and is usually available on an organization’s website.

Its quite concerning to see the amount of questions that are that incorrect answers marked as "Correct Answer". SOC 2 type 1 report is clearly incorrect, it focuses on the could provider's CIA+ processes and procedures, generating a report that is CONFIDENTIAL. Correct answer should be D, SOC 3, which focuses on the same principles as SOC 2 but generates a "high view" report thatcan be freely distributed.

D is correct.

SOC 3 report is essentially a summary of the SOC 2 report. SOC 3 can be freely distributed while SOC 2 is not for distribution.

This is expressly mentioned on page 26 of the Official ISC2 CISSP CBK reference that SOC3 is a light version for distribution.

D is correct

Answer is D. SOC3. SOC2 is not for distribution.

D. SOC 3

Ans B . What is SOC 2 Type 1? SOC 2 Type 1 compliance evaluates an organization's cybersecurity controls at a single point in time. The goal is to determine whether the internal controls put in place to safeguard customer data are sufficient and designed correctly.

SOC3 because they're public.

SOC 2 reports are restricted. SOC 3 are to be freely distributed. For more info go here: https://linfordco.com/blog/soc-2-vs-soc-3/

Answer correct "Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy." https://www.imperva.com/learn/data-security/soc-2-compliance/

Correct, D

Agree with D.