CompTIA Security+ SY0-601 – Question104

The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting
documents that show proper controls are in place to protect customer data. Which of the following would be
BEST for the third-party vendor to provide to the CISO?


A.
GDPR compliance attestation
B. Cloud Security Alliance materials
C. SOC 2 Type 2 report
D. NIST RMF workbooks

Correct Answer: C

Explanation:

Reference: https://www.onelogin.com/compliance/soc-2-type-2#:~:text=A%20SOC%20…
20third%20party%20technology%20services