Certified Cloud Security Professional (CCSP) — Question 414

What are SOC 1/SOC 2/SOC 3?

Answer options

• A. Audit reports
• B. Risk management frameworks
• C. Access controls
• D. Software developments

Correct answer: A

Explanation

The correct answer is A because SOC 1, SOC 2, and SOC 3 reports are specifically designed to provide assurance about the controls relevant to the services provided by a service organization. Options B, C, and D do not accurately describe these reports, as they focus on other aspects of organizational management and security rather than being specific audit reports.