Explanation: The SOC Type 2 audits include five principles: security, privacy, processing integrity, availability, and confidentiality.

Explanation: A hybrid cloud model involves the use of more than one type of cloud hosting models, typically the mix of private and public cloud hosting models.

Explanation: Firewalls take into account source IP, destination IP, the port the traffic is using, as well as the network protocol (UDP/TCP). Whether or not the traffic is encrypted is not something a firewall is concerned with.

Explanation:
Regardless of which cloud-hosting model is used, the cloud provider always has sole responsibility for the physical environment.

Explanation: In any environment, data encryption is incredibly important to prevent unauthorized exposure of data either internally or externally. If a system is compromised by an attack, having the data encrypted on the system will prevent its unauthorized exposure or export, even with the system itself being exposed.

Explanation: Budgetary and cost controls is not one of the domains outlined in the CCM.

Explanation: The main goal of confidentiality is to ensure that sensitive information is not made available or leaked to parties that should not have access to it, while at the same time ensuring that those with appropriate need and authorization to access it can do so in a manner commensurate with their needs and confidentiality requirements.

Explanation: SOC Type 1 reports are focused specifically on internal controls as they relate to financial reporting.

Explanation: To implement DNSSEC, no additional changes are needed to applications or their code because the integrity checks are all performed at the system level.

Explanation: SOC Type 2 reports are focused on the same policies and procedures, as well as their effectiveness, as SOC Type 1 reports, but are evaluated over a period of at least six consecutive months, rather than a finite point in time.