Certificate of Cloud Auditing Knowledge (CCAK) — Question 88
To qualify for CSA STAR attestation for a particular cloud system, the SOC 2 report must cover:
Answer options
- A. ISO/IEC 27001:2013 controls.
- B. maturity model criteria.
- C. all Cloud Control Matrix (CCM) controls and TSPC security principles.
- D. Cloud Control Matrix (CCM) and ISO/IEC 27001:2013 controls.
Correct answer: C
Explanation
C is correct because CSA STAR attestation requires a SOC 2 report that covers all Cloud Control Matrix (CCM) controls and the TSPC security principles. Options A and D mention ISO/IEC 27001:2013 controls, which are not mandatory for this attestation, while option B refers to maturity model criteria, which do not fulfill the SOC 2 report requirements.