They will first ask for the report/certifications, but if you don't have one, they'll likely proceed with asking more detailed questions about your security.
Putting the things mentioned in the article in place will help a lot in answering to those questionnaires.
Same here, was initially asked to provide SOC2 report or ISO 27001 certificate, in addition to filling out cloud compliance matrix. Just tell them your aim is to get certified, and also show them that you take security very seriously- and it does not seem to be a requirement any more.
Putting the things mentioned in the article in place will help a lot in answering to those questionnaires.