Certified Cloud Security Professional (CCSP) — Question 127

Different types of audits are intended for different audiences, such as internal, external, regulatory, and so on.
Which of the following audits are considered "restricted use" versus being for a more broad audience?

Answer options

• A. SOC Type 2
• B. SOC Type 1
• C. SOC Type 3
• D. SAS-70

Correct answer: A

Explanation

The correct answer is A, SOC Type 2, as it is designed for specific stakeholders and typically includes detailed information about the organization's controls over a period of time. In contrast, SOC Type 1 and SOC Type 3 are generally intended for broader audiences and do not have the same level of restriction as SOC Type 2. SAS-70 has been deprecated and replaced by SOC audits, making it less relevant in this context.