Medium · 1 mark · Multiple Choice
CPA · Question 67 · Area III: SOC Engagements
In a SOC 2 engagement, which criteria is MANDATORY for every report?
Answer options:
A. Availability
B. Privacy
C. Security (Common Criteria)
D. Confidentiality
How to approach this question
Security is the baseline.
Full Answer
C. Security (Common Criteria) ✓ Correct
The Security category (also known as the Common Criteria) is the only mandatory category in a SOC 2 report. The others (Availability, Processing Integrity, Confidentiality, Privacy) are optional based on user needs.
Common mistakes
Thinking all 5 are required.