ExpertMedium1 markMultiple Choice
CPA · Question 82 · Area III: SOC Engagements
Which of the following statements is TRUE regarding the use of a SOC 2 report?
Which of the following statements is TRUE regarding the use of a SOC 2 report?
Answer options:
A.
It is a public document available to anyone.
B.
It is generally a restricted-use report intended for existing customers and their auditors.
C.
It certifies that the company is 100% secure.
D.
It is only valid for 30 days.
How to approach this question
SOC 2 = Restricted. SOC 3 = Public.
Full Answer
B.It is generally a restricted-use report intended for existing customers and their auditors.✓ Correct
It is generally a restricted-use report intended for existing customers and their auditors.
SOC 2 reports contain sensitive details about the system and controls, so their distribution is restricted to user entities, their auditors, and management.
Common mistakes
Confusing SOC 2 with SOC 3.
Practice the full CPA ISC Practice Exam 5
82 questions · hints · full answers · grading
More questions from this exam
Q01A service organization provides a cloud-based payroll processing application to its user entities...MediumQ02An auditor is reviewing the shared responsibility model for a client using an Infrastructure as a...HardQ03A financial institution requires a cloud deployment model that offers the highest level of contro...MediumQ04During an IT audit, you observe that a company uses a 'Hybrid Cloud' architecture. Which scenario...MediumQ05Which component of IT architecture is primarily responsible for translating domain names (like ww...Easy