Answer: Use AWS Artifact to download the applicable report for AWS security controls. Provide the report to the auditor.

## Explanation AWS Artifact is the correct service for this scenario because: - **AWS Artifact** is AWS's self-service portal for on-demand access to AWS security and compliance documentation - It provides access to various compliance reports, certifications, and attestations that AWS maintains (such as SOC reports, PCI DSS, ISO certifications, etc.) - Companies can download these reports directly without needing to involve AWS Support or TAMs - The reports cover AWS's security controls across all regions and Availability Zones - This approach is efficient and meets the auditor's requirements without unnecessary delays **Why other options are incorrect:** - **Option A**: While TAMs can provide guidance, AWS Artifact provides direct access to the actual compliance documentation - **Option B**: AWS does not allow customers or auditors to conduct onsite assessments of AWS data centers due to security reasons - **Option C**: AWS infrastructure still needs to be audited; hosting in multiple Availability Zones doesn't exempt from compliance requirements AWS Artifact is specifically designed for these types of compliance and audit scenarios, making it the most appropriate response.

Author: Ritesh Yadav