- (Exam Topic 14)
Which of the following is true of Service Organization Control (SOC) reports?

1. A. SOC 1 Type 2 reports assess the security, confidentiality, integrity, and availability of an organization’s controls
2. B. SOC 2 Type 2 reports include information of interest to the service organization’s management
3. C. SOC 2 Type 2 reports assess internal controls for financial reporting
4. D. SOC 3 Type 2 reports assess internal controls for financial reporting

Correct Answer: B
Reference:
http://ssae16.businesscatalyst.com/SSAE16_reports.html

- (Exam Topic 2)
Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

1. A. Personal Identity Verification (PIV)
2. B. Cardholder Unique Identifier (CHUID) authentication
3. C. Physical Access Control System (PACS) repeated attempt detection
4. D. Asymmetric Card Authentication Key (CAK) challenge-response

Correct Answer: A

- (Exam Topic 10)
What is a common challenge when implementing Security Assertion Markup Language (SAML) for identity integration between on-premise environment and an external identity provider service?

1. A. Some users are not provisioned into the service.
2. B. SAML tokens are provided by the on-premise identity provider.
3. C. Single users cannot be revoked from the service.
4. D. SAML tokens contain user information.

Correct Answer: A

- (Exam Topic 15)
When telephones in a city are connected by a single exchange, the caller can only connect with the switchboard operator. The operator then manually connects the call.
This is an example of which type of network topology?

1. A. Star
2. B. Tree
3. C. Point-to-Point Protocol (PPP)
4. D. Bus

Correct Answer: A

- (Exam Topic 15)
Which is the BEST control to meet the Statement on Standards for Attestation Engagements 18 (SSAE-18) confidentiality category?

1. A. Data processing
2. B. Storage encryption
3. C. File hashing
4. D. Data retention policy

Correct Answer: C