EMC Proven Professional – Cloud Architect — Question 26

An organization falls under the compliance regulations for PCI. The organization will deploy applications in the public cloud and wants to use a public cloud provider that is PCI compliant.
How does the organization confirm compliance?

Answer options

• A. Provide third party audit documentation to the provider for review
• B. Review the provider's compliance controls and third party audit documentation
• C. Review the provider's infrastructure logs and access logs
• D. Provide application logs to the provider for review

Correct answer: C

Explanation

The correct answer is B, as reviewing the provider's compliance controls and third party audit documentation is essential to confirm their PCI compliance. Options A, C, and D do not directly verify compliance; they involve reviewing logs or documentation that may not provide the necessary assurance of compliance status.