Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 87 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 87
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A security engineer is working with a product team building a web application on AWS. The application uses Amazon S3 to host the static content, Amazon API Gateway to provide RESTful services, and Amazon DynamoDB as the backend data store. The users already exist in a directory that is exposed through a SAML identity provider.

Which combination of the following actions should the engineer take to allow users to be authenticated into the web application and call APIs? (Choose three.)

  • A. Create a custom authorization service using AWS Lambda.
  • B. Configure a SAML identity provider in Amazon Cognito to map attributes to the Amazon Cognito user pool attributes.
  • C. Configure the SAML identity provider to add the Amazon Cognito user pool as a relying party.
  • D. Configure an Amazon Cognito identity pool to integrate with social login providers.
  • E. Update DynamoDB to store the user email addresses and passwords.
  • F. Update API Gateway to use a COGNITO_USER_POOLS authorizer.
Show Suggested Answer Hide Answer
Suggested Answer: BCF 🗳️
by oioi at Nov. 23, 2023, 9:30 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Daniel76
9 months, 1 week ago
Selected Answer: BCF
For API to refer to Cognito user pool, use "COGNITO_USER_POOLS" authorizer https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html For Cognito user pool to act as relying party to SAML IdP https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-saml-idp.html Other options: A- "As an alternative to using IAM roles and policies or Lambda authorizers (formerly known as custom authorizers), you can use an Amazon Cognito user pool to control who can access your API in Amazon API Gateway." https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html D - social login users not required for this question. E - Dynamo DB is irrelevant- never store store password in db without all the additional overheads required to keep them secure.
upvoted 2 times
...
rahav
9 months, 2 weeks ago
Selected Answer: BCF
BCF is logical here
upvoted 1 times
...
[Removed]
10 months, 2 weeks ago
Selected Answer: BCF
BCF. This was on the other exam topics practice set
upvoted 2 times
...
oioi
10 months, 2 weeks ago
Selected Answer: BCF
correct
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel