Medium · 1 mark · Multiple Choice
CPA · Question 77 · Area III: SOC Engagements
Which of the following is a 'Privacy' control (as opposed to Security) in a SOC 2® engagement?
Answer options:
A. Firewall configuration.
B. Multi-factor authentication.
C. Procedures for handling data subject access requests (DSARs).
D. Antivirus software.
How to approach this question
Security = Protection. Privacy = Rights/Notice/Consent.
Full Answer
C. Procedures for handling data subject access requests (DSARs). ✓ Correct
Privacy criteria focus on notice; choice and consent; collection; use, retention, and disposal; and access. Handling DSARs (Data Subject Access Requests) is a specific privacy requirement (e.g., GDPR, CCPA).
Common mistakes
Thinking encryption is purely privacy (it's a security tool used for confidentiality).