
Answer-first summary for fast verification
Answer: Choose AWS services which are PCI Compliant, Ensure the right steps are taken during application development for PCI Compliance
## Explanation

**Correct Answers: A and B**

### Why A and B are correct:

**A. Choose AWS services which are PCI Compliant**

- AWS maintains a list of services that are already PCI DSS (Payment Card Industry Data Security Standard) compliant
- By selecting these pre-compliant services, you leverage AWS's existing compliance certifications
- This reduces the compliance burden on your application development

**B. Ensure the right steps are taken during application development for PCI Compliance**

- PCI compliance requires specific security measures throughout the development lifecycle
- This includes secure coding practices, proper data handling, encryption implementation, and access controls
- Compliance must be built into the application from the design phase, not added as an afterthought

### Why C and D are incorrect:

**C. Ensure the AWS Services are made PCI Compliant**

- AWS services are already made PCI compliant by AWS - customers don't need to make them compliant
- AWS provides compliant services, but customers are responsible for using them in a compliant manner

**D. Do an audit after the deployment of the application for PCI Compliance**

- While audits are part of PCI compliance, they should not be the primary approach
- Compliance should be built into the development process, not verified only after deployment
- Post-deployment audits may reveal compliance gaps that are expensive and time-consuming to fix

### Key Takeaway:

PCI compliance on AWS is a shared responsibility model where AWS provides compliant infrastructure and services, while customers are responsible for implementing proper security controls in their applications and using AWS services in a compliant manner.
Author: Ritesh Yadav
You are developing an application and planning to deploy it onto the AWS Cloud. This application needs to be PCI compliant. Which of the steps below would you carry out to ensure compliance is met for the application? [Choose 2 answers]
A
Choose AWS services which are PCI Compliant
B
Ensure the right steps are taken during application development for PCI Compliance
C
Ensure the AWS Services are made PCI Compliant
D
Do an audit after the deployment of the application for PCI Compliance