In a SOC 2 engagement, which criteria is MANDATORY for every report?

Answer options:

Availability

Privacy

Security (Common Criteria)

Confidentiality

How to approach this question

Security is the baseline.

Full Answer

C.Security (Common Criteria)✓ Correct

The Security category (also known as the Common Criteria) is the only mandatory category in a SOC 2. The others (Availability, PI, Confidentiality, Privacy) are optional based on user needs.

Common mistakes

Thinking all 5 are required.

Question 66 All questions Question 68

Practice the full CPA ISC Practice Exam 5

82 questions · hints · full answers · grading

More questions from this exam

Q01A service organization provides a cloud-based payroll processing application to its user entities...Medium Q02An auditor is reviewing the shared responsibility model for a client using an Infrastructure as a...Hard Q03A financial institution requires a cloud deployment model that offers the highest level of contro...Medium Q04During an IT audit, you observe that a company uses a 'Hybrid Cloud' architecture. Which scenario...Medium Q05Which component of IT architecture is primarily responsible for translating domain names (like ww...Easy

View all 82 questions →