Which of the following is MOST important for an external auditor to review to verify that a cloud service provider's controls are designed and operating effectively?
A.
TSP Criteria
B.
Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) evaluation
The most important document for an external auditor to review to verify that a cloud service provider's controls are designed and operating effectively is the SOC 2 Type 2 report (option C).
A SOC 2 Type 2 report provides an assessment of the effectiveness of a service organization's controls over a period of time, typically six months to a year. This report includes a detailed description of the service organization's system and the suitability of the design and operating effectiveness of its controls. This is in contrast to a SOC 2 Type 1 report, which only assesses the design of controls at a specific point in time.
Therefore, the SOC 2 Type 2 report is more comprehensive and provides a better basis for verifying that controls are both designed properly and operating effectively.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CCAK Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Auditor2020
1 month, 2 weeks ago