AWS Certified Cloud Practitioner — Question 701
A company is building an application on AWS. The application needs to comply with credit card regulatory requirements. The company needs proof that the AWS services and deployment are in compliance.
Which actions should the company take to meet these requirements? (Choose two.)
Answer options
- A. Use Amazon Inspector to submit the application for certification
- B. Ensure that the application's underlying hardware components comply with requirements
- C. Use AWS Artifact to access AWS documents about the compliance of the services
- D. Get the compliance of the application certified by a company assessor
- E. Use AWS Security Hub to certify the compliance of the application
Correct answer: C, D
Explanation
Under the AWS Shared Responsibility Model, AWS is responsible for security of the cloud, and customers can retrieve proof of AWS infrastructure compliance (such as PCI DSS) using AWS Artifact. The customer is responsible for security in the cloud, meaning they must hire an assessor to evaluate and certify their specific application deployment. Services like Amazon Inspector and AWS Security Hub are security assessment tools, but they cannot officially certify an application for regulatory compliance.