A company needs to download AWS third-party certification reports (such as SOC reports and ISO certifications) and other compliance documents on demand for an audit. Which service is MOST suitable?

Correct: B

Explanation

A question about selecting the service used to obtain AWS compliance documents.

  • 1. third-party certification reports: Audit reports such as SOC/ISO/PCI.
  • 2. compliance documents on demand: Obtain when needed via self-service = Artifact.
  • 3. audit: Evidence to submit to auditors is required.

A: Incorrect

AWS CloudTrail

CloudTrail is a service that records the history of API operations within an account.

It does not retrieve AWS third-party certification reports, so this is incorrect.

B: Correct

AWS Artifact

Correct. AWS Artifact is a portal that provides on-demand access to AWS third-party certification reports (SOC, ISO, PCI, and others) and compliance documents. It allows auditors to download the evidence they need at any time through a self-service experience.

C: Incorrect

AWS Audit Manager

AWS Audit Manager is a service that continuously collects evidence from your own environment (configuration and operation records) and helps generate audit-ready reports.

What it collects is evidence related to your own usage; the place to download AWS's own third-party certification reports (SOC, ISO, etc.) is Artifact, so this is incorrect.

D: Incorrect

AWS Config

AWS Config is a service that records resource configuration changes and continuously evaluates compliance with rules.

It targets the configuration of your own resources and has no capability to download AWS SOC reports, ISO certifications, or other compliance documents, so this is incorrect.

Key Takeaway

'Third-party certification reports' and 'downloading compliance documents' = AWS Artifact. Collecting evidence from your own environment = Audit Manager; recording and evaluating configuration = Config; recording API operations = CloudTrail. Distinguish them by 'whose data and what is being handled.'