Certified Cloud Security Professional (CCSP) — Question 45

Which audit type has been largely replaced by newer approaches since 2011?

Answer options

• A. SOC Type 1
• B. SSAE-16
• C. SAS-70
• D. SOC Type 2

Correct answer: C

Explanation

The correct answer is SAS-70, which has been largely phased out in favor of newer standards like SOC reports. SOC Type 1, SSAE-16, and SOC Type 2 are still relevant and used in current audit practices, while SAS-70 is outdated.