Which of the following statements is TRUE regarding the use of a SOC 2 report?

Answer options:

It is a public document available to anyone.

It is generally a restricted-use report intended for existing customers and their auditors.

It certifies that the company is 100% secure.

It is only valid for 30 days.

How to approach this question

SOC 2 = Restricted. SOC 3 = Public.

Full Answer

B.It is generally a restricted-use report intended for existing customers and their auditors.✓ Correct

SOC 2 reports contain sensitive details about the system and controls, so their distribution is restricted to user entities, their auditors, and management.

Common mistakes

Confusing SOC 2 with SOC 3.

Question 81 All questions

Practice the full CPA ISC Practice Exam 5

82 questions · hints · full answers · grading

More questions from this exam

Q01A service organization provides a cloud-based payroll processing application to its user entities...Medium Q02An auditor is reviewing the shared responsibility model for a client using an Infrastructure as a...Hard Q03A financial institution requires a cloud deployment model that offers the highest level of contro...Medium Q04During an IT audit, you observe that a company uses a 'Hybrid Cloud' architecture. Which scenario...Medium Q05Which component of IT architecture is primarily responsible for translating domain names (like ww...Easy

View all 82 questions →