Certified Cloud Security Professional (CCSP) — Question 86

Which kind of SSAE audit report is a cloud customer most likely to receive from a cloud provider?

Answer options

• A. SOC 1 Type 1
• B. SOC 2 Type 2
• C. SOC 3
• D. SOC 1 Type 2

Correct answer: C

Explanation

A SOC 3 report is specifically designed for general use and provides a summary of the SOC 2 report, making it the most accessible and likely report for cloud customers. In contrast, SOC 1 and SOC 2 reports are more detailed and typically intended for specific stakeholders, which may not be as beneficial for a broad audience.