A financial services company is undergoing a PCI Audit. How should a security team member best enable the auditors to assess and validate the security and compliance of the underlying AWS infrastructure?

Answer options:

A.Create IAM users, policy, and role granting them access to Amazon CloudTrail.
B.Download reports from the AWS Artifact console and provide them to the auditors.
C.Create IAM users, policy, and role granting them access to Amazon Config.
D.Provide them with Amazon Inspector findings reports.

Answer: B
Option A is incorrect because CloudTrail provides details of all the actions taken by a user, role, or an AWS service but does not provide AWS security and compliance documents, such as AWS ISO, PCI, and SOC reports as per the asks.
Option B is CORRECT because Amazon Artifact Reports can be used to assess and validate the security and compliance of the AWS infrastructure, such as AWS ISO, PCI, and SOC reports.
Option C is incorrect because Amazon Config is used to assess, audit, and evaluate the configurations of your AWS services resources. It cannot be used to validate the compliance of the underlying AWS infrastructure. 
Option D is incorrect because Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS but cannot be used to validate the compliance of the underlying AWS infrastructure.
Reference:
https://docs.aws.amazon.com/artifact/latest/ug/what-is-aws-artifact.html