The correct answer is:
**B. SOC 2 Type 2**
A SOC 2 Type 2 report evaluates not only the design of the controls but also their operating effectiveness over a specified period. This type of report provides assurance that the controls were in place and functioning effectively throughout the period under review, making it the best option for ensuring the operating effectiveness of controls in a cloud service provider offering.
In contrast, a SOC 2 Type 1 report focuses on the suitability of the design of controls at a specific point in time, without evaluating their operational effectiveness over time. SOC 3 reports are less detailed and intended for public distribution, while SOC 1 reports are focused on financial reporting controls rather than IT and operational controls.
Page 379 of CCAK Study Guide.
Soc2 Type 2- Report on management's description of a CSP system and the suitability of the design and operating effectiveness of controls (over-a-period-of-time assessment).
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CCAK Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Auditor2020
3 months ago339dfab
8 months ago