Q96 — AWS SOA-C02 Ch.1

A company is undergoing an external audit of its systems, which run wholly on AWS. A SysOps administrator must supply documentation of Payment Card Industry Data Security Standard (PCI DSS) compliance for the infrastructure managed by AWS. Which set of actions should the SysOps administrator take to meet this requirement?

Correct Answer: A. Download the applicable reports from the AWS Artifact portal and supply these to the auditors.

Explanation

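AWS Artifact is the official source for obtaining compliance attestations for AWS services; through this portal, users can download the compliance reports that AWS provides, such as those for PCI DSS. Option A uses the compliance documentation provided by AWS directly, which meets the audit requirement. The content in options B and C consists of the user's own logs and cannot substitute for AWS's infrastructure compliance attestation. Option D involves a security risk and does not conform to audit practice. The AWS shared responsibility model makes clear that AWS is responsible for the compliance of the underlying infrastructure, so users only need to obtain the relevant reports through Artifact. AWS's official documentation states that customers should use the compliance reports in Artifact as the basis for third-party audits.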