Certified Information Systems Security Professional (CISSP) — Question 298
An organization contracts with a consultant to perform a System Organization Control (SOC) 2 audit on their internal security controls. An auditor documents a finding related to an Application Programming Interface (API) performing an action that is not aligned with the scope or objective of the system. Which trust service principle would be MOST applicable in this situation?
Answer options
- A. Confidentiality
- B. Processing Integrity
- C. Security
- D. Availability
Correct answer: B
Explanation
The correct answer is B, Processing Integrity, because it focuses on ensuring that system processing is complete, accurate, and authorized. The finding regarding the API indicates a potential failure in processing integrity, as the action taken is not in line with the system's intended objectives. The other options, while relevant to security and functionality, do not specifically address the principle of processing actions correctly according to defined scopes.