Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 87 discussion

A security engineer is working with a product team building a web application on AWS. The application uses Amazon S3 to host the static content, Amazon API Gateway to provide RESTful services, and Amazon DynamoDB as the backend data store. The users already exist in a directory that is exposed through a SAML identity provider.

Which combination of the following actions should the engineer take to allow users to be authenticated into the web application and call APIs? (Choose three.)

  • A. Create a custom authorization service using AWS Lambda.
  • B. Configure a SAML identity provider in Amazon Cognito to map attributes to the Amazon Cognito user pool attributes.
  • C. Configure the SAML identity provider to add the Amazon Cognito user pool as a relying party.
  • D. Configure an Amazon Cognito identity pool to integrate with social login providers.
  • E. Update DynamoDB to store the user email addresses and passwords.
  • F. Update API Gateway to use a COGNITO_USER_POOLS authorizer.
Suggested Answer: BCF

Comments

Daniel76
11 months, 1 week ago
Selected Answer: BCF
For API to refer to Cognito user pool, use "COGNITO_USER_POOLS" authorizer
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
For Cognito user pool to act as relying party to SAML IdP
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-saml-idp.html
Other options:
A - "As an alternative to using IAM roles and policies or Lambda authorizers (formerly known as custom authorizers), you can use an Amazon Cognito user pool to control who can access your API in Amazon API Gateway." https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
D - social login users not required for this question.
E - DynamoDB is irrelevant - never store password in db without all the additional overheads required to keep them secure.
upvoted 2 times
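
The B, C and F options from the comment above expressed as one CloudFormation template. This is an added illustration, not part of the exam question or of any commenter's post; the resource names, domain prefix, callback URL and attribute mapping are assumptions, and the IdP metadata URL is supplied as a parameter.

```yaml
# Added example: hypothetical names and placeholder URLs throughout.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  RestApiId: {Type: String}        # ID of the existing API Gateway REST API
  IdpMetadataUrl: {Type: String}   # SAML metadata URL published by the directory's IdP
Resources:
  UserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: webapp-users
  UserPoolDomain:                  # hosted domain that receives the SAML response
    Type: AWS::Cognito::UserPoolDomain
    Properties:
      Domain: example-webapp       # constructed prefix
      UserPoolId: !Ref UserPool
  SamlProvider:                    # option B: SAML IdP plus attribute mapping
    Type: AWS::Cognito::UserPoolIdentityProvider
    Properties:
      UserPoolId: !Ref UserPool
      ProviderName: CorpSAML
      ProviderType: SAML
      ProviderDetails:
        MetadataURL: !Ref IdpMetadataUrl
      AttributeMapping:            # user pool attribute: SAML claim (assumed claim name)
        email: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
  AppClient:
    Type: AWS::Cognito::UserPoolClient
    DependsOn: SamlProvider
    Properties:
      UserPoolId: !Ref UserPool
      SupportedIdentityProviders: [CorpSAML]   # federated sign-in only
      AllowedOAuthFlowsUserPoolClient: true
      AllowedOAuthFlows: [code]
      AllowedOAuthScopes: [openid, email]
      CallbackURLs: ["https://app.example.com/callback"]
  ApiAuthorizer:                   # option F: API Gateway validates user pool tokens
    Type: AWS::ApiGateway::Authorizer
    Properties:
      Name: cognito-user-pool
      RestApiId: !Ref RestApiId
      Type: COGNITO_USER_POOLS
      IdentitySource: method.request.header.Authorization
      ProviderARNs:
        - !GetAtt UserPool.Arn
Outputs:                           # option C: values to register on the SAML IdP
  RelyingPartyAudience:
    Value: !Sub "urn:amazon:cognito:sp:${UserPool}"
  AssertionConsumerUrl:
    Value: !Sub "https://example-webapp.auth.${AWS::Region}.amazoncognito.com/saml2/idpresponse"
```

Each API method still has to reference the authorizer (AuthorizationType COGNITO_USER_POOLS with the authorizer's ID) before requests without a valid user pool token are rejected.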
rahav
11 months, 2 weeks ago
Selected Answer: BCF
BCF is logical here
upvoted 1 times
[Removed]
1 year ago
Selected Answer: BCF
BCF. This was on the other exam topics practice set
upvoted 2 times
oioi
1 year ago
Selected Answer: BCF
correct
upvoted 1 times