Certified Cloud Security Professional (CCSP) — Question 440

Which kind of SSAE audit reviews controls dealing with the organization's controls for assuring the confidentiality, integrity, and availability of data?

Answer options

• A. SOC 1
• B. SOC 2
• C. SOC 3
• D. SOC 4

Correct answer: B

Explanation

The correct answer is B, SOC 2, which specifically focuses on the operational controls that ensure data confidentiality, integrity, and availability. SOC 1 is related to financial reporting controls, SOC 3 provides a general overview of SOC 2 reports, and SOC 4 does not exist as a standard category in SSAE audits.