An auditor is preparing for an annual security audit. The auditor requests certification details for a company's AWS hosted resources across multiple Availability Zones in the us-east-1 Region. How should the company respond to the auditor's request?

Real Exam

Community

RRitesh

Explanation:

Explanation

AWS Artifact is the correct service for this scenario because:

AWS Artifact is AWS's self-service portal for on-demand access to AWS security and compliance documentation
It provides access to various compliance reports, certifications, and attestations that AWS maintains (such as SOC reports, PCI DSS, ISO certifications, etc.)
Companies can download these reports directly without needing to involve AWS Support or TAMs
The reports cover AWS's security controls across all regions and Availability Zones
This approach is efficient and meets the auditor's requirements without unnecessary delays

Why other options are incorrect:

Option A: While TAMs can provide guidance, AWS Artifact provides direct access to the actual compliance documentation
Option B: AWS does not allow customers or auditors to conduct onsite assessments of AWS data centers due to security reasons
Option C: AWS infrastructure still needs to be audited; hosting in multiple Availability Zones doesn't exempt from compliance requirements

AWS Artifact is specifically designed for these types of compliance and audit scenarios, making it the most appropriate response.

Powered ByGPT-5