
An auditor is preparing for an annual security audit. The auditor requests certification details for a company's AWS hosted resources across multiple Availability Zones in the us-east-1 Region. How should the company respond to the auditor's request?
A. Open an AWS Support ticket to request that the AWS technical account manager (TAM) respond and help the auditor.
B. Open an AWS Support ticket to request that the auditor receive approval to conduct an onsite assessment of the AWS data centers in which the company operates.
C. Explain to the auditor that AWS does not need to be audited because the company's application is hosted in multiple Availability Zones.
D. Use AWS Artifact to download the applicable report for AWS security controls. Provide the report to the auditor.
Explanation:
AWS Artifact is the correct service for this scenario because:
AWS Artifact is AWS's self-service portal for on-demand access to AWS security and compliance documentation.
It provides access to the compliance reports, certifications, and attestations that AWS maintains (such as SOC reports, PCI DSS, and ISO certifications).
Companies can download these reports directly without needing to involve AWS Support or TAMs.
The reports cover AWS's security controls across all Regions and Availability Zones.
This approach is efficient and meets the auditor's requirements without unnecessary delays.
Why other options are incorrect:
Option A: While TAMs can provide guidance, AWS Artifact provides direct access to the actual compliance documentation.
Option B: AWS does not allow customers or auditors to conduct onsite assessments of AWS data centers, for security reasons.
Option C: AWS infrastructure still needs to be audited; hosting in multiple Availability Zones does not exempt the company from compliance requirements.
AWS Artifact is specifically designed for these types of compliance and audit scenarios, making it the most appropriate response.