AWS Certified Cloud Practitioner

Explanation

Correct Answers: A and B

Why A and B are correct:

A. Choose AWS services which are PCI Compliant

• AWS maintains a list of services that are already PCI DSS (Payment Card Industry Data Security Standard) compliant

• By selecting these pre-compliant services, you leverage AWS's existing compliance certifications

• This reduces the compliance burden on your application development

B. Ensure the right steps are taken during application development for PCI Compliance

• PCI compliance requires specific security measures throughout the development lifecycle

• This includes secure coding practices, proper data handling, encryption implementation, and access controls

• Compliance must be built into the application from the design phase, not added as an afterthought

Why C and D are incorrect:

C. Ensure the AWS Services are made PCI Compliant

• AWS services are already made PCI compliant by AWS - customers don't need to make them compliant

• AWS provides compliant services, but customers are responsible for using them in a compliant manner

D. Do an audit after the deployment of the application for PCI Compliance

• While audits are part of PCI compliance, they should not be the primary approach

• Compliance should be built into the development process, not verified only after deployment

• Post-deployment audits may reveal compliance gaps that are expensive and time-consuming to fix

Key Takeaway:

PCI compliance on AWS is a shared responsibility model where AWS provides compliant infrastructure and services, while customers are responsible for implementing proper security controls in their applications and using AWS services in a compliant manner.