Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam CISSP All Questions

View all questions & answers for the CISSP exam
Go to Exam

Exam CISSP topic 1 question 24 discussion

Actual exam question from ISC's CISSP
Question #: 24
Topic #: 1
[All CISSP Questions]

Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users' internal control over financial reporting?

  • A. Statement on Auditing Standards (SAS) 70
  • B. Service Organization Control 1 (SOC1)
  • C. Service Organization Control 2 (SOC2)
  • D. Service Organization Control 3 (SOC3)
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by CuteRabbit168 at Sept. 6, 2022, 6:48 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
CuteRabbit168
Highly Voted 2 years, 2 months ago
Selected Answer: B
B (SOC 1) is the correct answer. Misread the question earlier.
upvoted 7 times
jackdryan
1 year, 6 months ago
B is correct
upvoted 1 times
...
...
CCNPWILL
Most Recent 7 months, 1 week ago
Financial... internal... SOC1 !
upvoted 1 times
...
vorozco
1 year, 5 months ago
Selected Answer: B
System and Organization Controls 1, or SOC 1 (pronounced "sock one"), aims to control objectives within a SOC 1 process area and documents internal controls relevant to an audit of a user entity's financial statements. https://www.techtarget.com/searchsecurity/definition/SOC-1-System-and-Organization-Controls-1?Offer=abMeterCharCount_var2
upvoted 1 times
...
KelvinYau
1 year, 5 months ago
Selected Answer: B
No other choose only B is Financial.
upvoted 1 times
...
KelvinYau
1 year, 5 months ago
No other choose only B is Financial.
upvoted 1 times
...
jegga
1 year, 6 months ago
B is correct - The SOC1 audit focuses on a description of security mechanisms to assess their suitability.
upvoted 1 times
...
Firedragon
2 years ago
B is the answer. https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc1report SOC 1 - SOC for Service Organizations: ICFR Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting (ICFR)
upvoted 1 times
...
rootic
2 years ago
Selected Answer: B
Financial, so B.
upvoted 1 times
...
Eltooth
2 years, 1 month ago
Selected Answer: B
B is correct answer. SOC Type 1
upvoted 1 times
...
stickerbush1970
2 years, 2 months ago
Selected Answer: B
SOC 1 Used to address internal controls that relate to a vendor’s financial reporting. It essentially looks at the quality of the vendor’s bookkeeping by disclosing its financial and accounting controls. 1. Report evaluates controls within a single point in time (a single date) and often doesn’t test controls. 2. Report is considered the ideal option because it tests control effectiveness over a period of time, thereby giving you better insight into patterns or recurring issues.
upvoted 2 times
CuteRabbit168
2 years, 2 months ago
The question is asking about: "control objectives and controls that are relevant to users' internal control over financial reporting". (i.e. NOT financial reporting). Hence, shouldn't the answer be "C" ?
upvoted 1 times
dev46
2 years, 2 months ago
No. it's B Two keywords here. "internal" + "financial" = SOC 1.
upvoted 2 times
...
...
...
franbarpro
2 years, 2 months ago
Selected Answer: B
I am going with "B" on this one. SOC 1 report. Evaluates how your services impact your customers’ financial reporting control environment SOC 1 matters for both financial transactions and the things that can impact financial transactions SOC 2 report is more operational and broadly related to security and governance matters. Not only does it describe how your services remain secure and how you protect the data entrusted to you, but it also notes how well your organization keeps its commitments to the same. https://www.schellman.com/blog/2016/01/what-are-service-organization-controls-soc-reports/
upvoted 2 times
...
CuteRabbit168
2 years, 2 months ago
Selected Answer: C
SOC 1 focuses on financial reporting, whereas SOC 2 focuses on compliance and operations.
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel