YouTube
shieldCISSP Practice Domain 6 — Security Assessment and Testing Q93 of 120

Which type of audit report tests the operating effectiveness of controls over a period of time?

A CISSP practice question covering Domain 6: Security Assessment and Testing. Try answering before reading the explanation below.

Show options & answer
A
SOC 1 Type I
B
SOC 1 Type II
C
SOC 2 Type I
D
SOC 2 Type II
✓ Correct answer
Why "SOC 2 Type II" is the right answer

SOC 2 Type II tests Trust Services Criteria controls operating effectiveness over a period (typically 6-12 months). Type I tests design at a point in time. SOC 1 covers financial-reporting controls (ICFR), not security.

Take the full CISSP practice test
120 questions, instant explanations, study-video links on every miss. No account.
Start full test →

Other practice tests

All practice tests CISSP videos Glossary