Certified Cloud Security Professional (CCSP) — Question 134

Which type of audit report does many cloud providers use to instill confidence in their policies, practices, and procedures to current and potential customers?

Answer options

• A. SAS-70
• B. SOC 2
• C. SOC 1
• D. SOX

Correct answer: B

Explanation

The correct answer is B, SOC 2, which is specifically designed to evaluate the controls relevant to security, availability, processing integrity, confidentiality, and privacy in cloud services. Option A, SAS-70, has been replaced by SOC reports and is outdated, while SOC 1 (Option C) focuses on financial reporting controls, and SOX (Option D) refers to the Sarbanes-Oxley Act, which is regulatory legislation and not an audit report.