AWS Certified Big Data – Specialty — Question 48

A data engineer chooses Amazon DynamoDB as a data store for a regulated application. This application must be submitted to regulators for review. The data engineer needs to provide a control framework that lists the security controls from the process to follow to add new users down to the physical controls of the data center, including items like security guards and cameras.
How should this control mapping be achieved using AWS?

Answer options

• A. Request AWS third-party audit reports and/or the AWS quality addendum and map the AWS responsibilities to the controls that must be provided.
• B. Request data center Temporary Auditor access to an AWS data center to verify the control mapping.
• C. Request relevant SLAs and security guidelines for Amazon DynamoDB and define these guidelines within the applications architecture to map to the control framework.
• D. Request Amazon DynamoDB system architecture designs to determine how to map the AWS responsibilities to the control that must be provided.

Correct answer: A

Explanation

The correct answer is A because obtaining third-party audit reports and the AWS quality addendum allows the data engineer to map AWS's shared responsibility model to the specific controls needed for regulatory compliance. Option B is impractical as gaining access to a data center for auditing isn't typically allowed. Options C and D do not provide a comprehensive method for mapping AWS responsibilities to the control framework as effectively as option A.