You are performing an audit of the security controls used in a cloud environment.
Which of the following would best serve your purpose?
Response:

SOC Type 1 reports are considered "restricted use," in that they are intended only for limited audiences and purposes.
Which of the following is NOT a population that would be appropriate for a SOC Type 1 report?

Which of the following approaches would NOT be considered sufficient to meet the requirements of secure data destruction within a cloud environment?

To address shared monitoring and testing responsibilities in a cloud configuration, the provider might offer all these to the cloud customer except:

You work for a government research facility. Your organization often shares data with other government research organizations.
You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations.
Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization's specific storage resources.
In order to pass the user IDs and authenticating credentials of each user among the organizations, what protocol/language/motif will you most likely utilize?
Response: